Compare commits

27 Commits

Author SHA1 Message Date
4846cbd968 roles/common: Add firewall task for Alpine 2021-02-13 12:18:58 +02:00
aa63f5946c roles/common: Add TODO about tarsnap on Alpine 2021-02-13 12:18:58 +02:00
53d574dd12 roles/common: Add Alpine packages 2021-02-13 12:18:58 +02:00
92c23bc2b5 roles/common: Use chrony for NTP on Alpine 2021-02-13 12:18:58 +02:00
e93b8af949 Add vars/Alpine.yml 2021-02-13 12:18:58 +02:00
dd04238a83 host_vars/web19: Add dev domain 2021-02-13 12:18:31 +02:00
efdbeb75ea host_vars/web19: WordPress 5.6.1 2021-02-13 11:48:21 +02:00
cd4411260c roles/common: Update list of abusive IP addresses
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

  $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
    confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
    -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
    -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

  $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
  $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2021-02-07 15:56:33 +02:00
8cb232a765 Pipfile.lock: Run pipenv update 2021-02-07 15:53:10 +02:00
d4ca119265 Pipfile.lock: run pipenv update
Minor Ansible update
2021-01-27 11:06:12 +02:00
f72f8c7a8d host_vars/web19: Remove piwik nginx host 2021-01-06 09:07:41 +02:00
d7fa1697a1 host_vars/web19: Remove piwik database 2021-01-06 09:00:54 +02:00
b0420d2adb roles: Remove mentions of Piwik
I never check the damn analytics stats and the database is huge.
2021-01-06 09:00:18 +02:00
c70ebba151 Add host_vars/web20 2021-01-01 19:55:14 +02:00
ac860e72f2 roles/php-fpm: Only run PHP tasks if we need them 2021-01-01 19:54:12 +02:00
101c05d248 web.yml: Only run MariaDB role if it is needed
Not all web hosts need this. Some are static sites, for example.
2021-01-01 19:28:40 +02:00
1b75679496 roles/mariadb: The service is mariadb 2020-12-29 11:25:30 +02:00
ebf4a4c2ac roles/mariadb: Disable name lookups
Add skip-name-resolve=1 to disable lookups of hostnames to IPs. We
need to make sure all accounts are using IPs like 127.0.0.1 instead
of "localhost" now.
2020-12-29 11:19:01 +02:00
57a83cef26 roles/mariadb: Tweak temp table size
mysqltuner.pl said:

    When making adjustments, make tmp_table_size/max_heap_table_size equal
2020-12-29 11:10:31 +02:00
8ee52143fc roles/mariadb: Disable the query cache by default
It seems that the usefulness of the query cache is diminishing in
recent years. If your cache is large then the time taken to scan
the cache can be longer than the SQL query itself.

See: https://haydenjames.io/mysql-query-cache-size-performance/
2020-12-29 11:07:33 +02:00
67a18c4f49 roles/mariadb: Reduce key buffer size
mysqltuner.pl shows currently 6M out of 33M being used.
2020-12-29 10:58:12 +02:00
b8428e67a8 roles/mariadb: Install MariaDB 10.5 2020-12-29 10:41:27 +02:00
e18529e6e1 roles/mariadb: Update service name
As of MariaDB 10.5 the service name and binaries have changed from
mysql, mysqld, etc. to mariadbd.

See: https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/
2020-12-29 10:40:13 +02:00
89db1449d1 roles/mariadb: Fetch signing key from mariadb.org
I downloaded the key and checked the fingerprint with gpg:

    $ gpg --dry-run --import mariadb_release_signing_key.asc
    gpg: key F1656F24C74CD1D8: 6 signatures not checked due to missing keys
    gpg: Total number processed: 1
2020-12-29 10:36:33 +02:00
6660a0cd36 roles/mariadb: Remove innodb_buffer_pool_instances
This was deprecated in MariaDB 10.5. The setting is now ignored and
will be removed in a future version.

See: https://mariadb.com/kb/en/changes-improvements-in-mariadb-105/#innodb-removed-or-deprecated-variables
2020-12-29 10:18:23 +02:00
e7d5cb1edb host_vars/web19: Override root for picturingjordan.com 2020-12-28 22:55:57 +02:00
73d6abd15f roles/nginx: Allow sites to override the root 2020-12-28 22:53:32 +02:00
20 changed files with 7163 additions and 7018 deletions

79
Pipfile.lock generated

@@ -18,17 +18,17 @@
"default": {
"ansible": {
"hashes": [
"sha256:98e718aea82199be62db7731373d660627aa1e938d34446588f2f49c228638ee"
"sha256:ae97002e4fb1ed3de947428ff43906c76c66751fe104721cf6b25fa115dbbe8d"
],
"index": "pypi",
"version": "==2.10.4"
"version": "==2.10.6"
},
"ansible-base": {
"hashes": [
"sha256:d4dad569864c08d8efb6ad99acf48ec46d7d118f8ced64f1185f8eac2c280ec3"
"sha256:33ae323923b841f3d822f355380ce7c92610440362efeed67b4b39db41e555af"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==2.10.4"
"version": "==2.10.5"
},
"cffi": {
"hashes": [
@@ -48,6 +48,7 @@
"sha256:6bc25fc545a6b3d57b5f8618e59fc13d3a3a68431e8ca5fd4c13241cd70d0009",
"sha256:798caa2a2384b1cbe8a2a139d80734c9db54f9cc155c99d7cc92441a23871c03",
"sha256:7c6b1dece89874d9541fc974917b631406233ea0440d0bdfbb8e03bf39a49b3b",
"sha256:7ef7d4ced6b325e92eb4d3502946c78c5367bc416398d387b39591532536734e",
"sha256:840793c68105fe031f34d6a086eaea153a0cd5c491cde82a74b420edd0a2b909",
"sha256:8d6603078baf4e11edc4168a514c5ce5b3ba6e3e9c374298cb88437957960a53",
"sha256:9cc46bc107224ff5b6d04369e7c595acb700c3613ad7bcf2e2012f62ece80c35",
@@ -93,11 +94,11 @@
},
"jinja2": {
"hashes": [
"sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0",
"sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035"
"sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419",
"sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==2.11.2"
"version": "==2.11.3"
},
"markupsafe": {
"hashes": [
@@ -106,8 +107,12 @@
"sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
"sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
"sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42",
"sha256:195d7d2c4fbb0ee8139a6cf67194f3973a6b3042d742ebe0a9ed36d8b6f0c07f",
"sha256:22c178a091fc6630d0d045bdb5992d2dfe14e3259760e713c490da5323866c39",
"sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
"sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
"sha256:2beec1e0de6924ea551859edb9e7679da6e4870d32cb766240ce17e0a0ba2014",
"sha256:3b8a6499709d29c2e2399569d96719a1b21dcd94410a586a18526b143ec8470f",
"sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
"sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
"sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
@@ -116,35 +121,50 @@
"sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
"sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15",
"sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
"sha256:6f1e273a344928347c1290119b493a1f0303c52f5a5eae5f16d74f48c15d4a85",
"sha256:6fffc775d90dcc9aed1b89219549b329a9250d918fd0b8fa8d93d154918422e1",
"sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
"sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
"sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
"sha256:7fed13866cf14bba33e7176717346713881f56d9d2bcebab207f7a036f41b850",
"sha256:84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0",
"sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
"sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
"sha256:98bae9582248d6cf62321dcb52aaf5d9adf0bad3b40582925ef7c7f0ed85fceb",
"sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
"sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
"sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
"sha256:a6a744282b7718a2a62d2ed9d993cad6f5f585605ad352c11de459f4108df0a1",
"sha256:acf08ac40292838b3cbbb06cfe9b2cb9ec78fce8baca31ddb87aaac2e2dc3bc2",
"sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
"sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
"sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
"sha256:b1dba4527182c95a0db8b6060cc98ac49b9e2f5e64320e2b56e47cb2831978c7",
"sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
"sha256:b7d644ddb4dbd407d31ffb699f1d140bc35478da613b441c582aeb7c43838dd8",
"sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
"sha256:bf5aa3cbcfdf57fa2ee9cd1822c862ef23037f5c832ad09cfea57fa846dec193",
"sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
"sha256:caabedc8323f1e93231b52fc32bdcde6db817623d33e100708d9a68e1f53b26b",
"sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
"sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2",
"sha256:d53bc011414228441014aa71dbec320c66468c1030aae3a6e29778a3382d96e5",
"sha256:d73a845f227b0bfe8a7455ee623525ee656a9e2e749e4742706d80a6065d5e2c",
"sha256:d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032",
"sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7",
"sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be"
"sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be",
"sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==1.1.1"
},
"packaging": {
"hashes": [
"sha256:24e0da08660a87484d1602c30bb4902d74816b6985b93de36926f5bc95741858",
"sha256:78598185a7008a470d64526a8059de9aaa449238f280fc9eb6b13ba6c4109093"
"sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5",
"sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==20.8"
"version": "==20.9"
},
"pycparser": {
"hashes": [
@@ -164,21 +184,30 @@
},
"pyyaml": {
"hashes": [
"sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97",
"sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76",
"sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2",
"sha256:6034f55dab5fea9e53f436aa68fa3ace2634918e8b5994d82f3621c04ff5ed2e",
"sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648",
"sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf",
"sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f",
"sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2",
"sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee",
"sha256:ad9c67312c84def58f3c04504727ca879cb0013b2517c85a9a253f0cb6380c0a",
"sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d",
"sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c",
"sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a"
"sha256:08682f6b72c722394747bddaf0aa62277e02557c0fd1c42cb853016a38f8dedf",
"sha256:0f5f5786c0e09baddcd8b4b45f20a7b5d61a7e7e99846e3c799b05c7c53fa696",
"sha256:129def1b7c1bf22faffd67b8f3724645203b79d8f4cc81f674654d9902cb4393",
"sha256:294db365efa064d00b8d1ef65d8ea2c3426ac366c0c4368d930bf1c5fb497f77",
"sha256:3b2b1824fe7112845700f815ff6a489360226a5609b96ec2190a45e62a9fc922",
"sha256:3bd0e463264cf257d1ffd2e40223b197271046d09dadf73a0fe82b9c1fc385a5",
"sha256:4465124ef1b18d9ace298060f4eccc64b0850899ac4ac53294547536533800c8",
"sha256:49d4cdd9065b9b6e206d0595fee27a96b5dd22618e7520c33204a4a3239d5b10",
"sha256:4e0583d24c881e14342eaf4ec5fbc97f934b999a6828693a99157fde912540cc",
"sha256:5accb17103e43963b80e6f837831f38d314a0495500067cb25afab2e8d7a4018",
"sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e",
"sha256:6c78645d400265a062508ae399b60b8c167bf003db364ecb26dcab2bda048253",
"sha256:74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183",
"sha256:8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb",
"sha256:bb4191dfc9306777bc594117aee052446b3fa88737cd13b7188d0e7aa8162185",
"sha256:c20cfa2d49991c8b4147af39859b167664f2ad4561704ee74c1de03318e898db",
"sha256:d2d9808ea7b4af864f35ea216be506ecec180628aced0704e34aca0b040ffe46",
"sha256:dd5de0646207f053eb0d6c74ae45ba98c3395a571a2891858e87df7c9b9bd51b",
"sha256:e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63",
"sha256:e4fac90784481d221a8e4b1162afa7c47ed953be40d31ab4629ae917510051df",
"sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc"
],
"version": "==5.3.1"
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
"version": "==5.4.1"
},
"six": {
"hashes": [

View File

@@ -1,110 +1,111 @@
$ANSIBLE_VAULT;1.1;AES256
62303831326630663635326562636631623864363765306162636436383762613432313536643863
3639623135613264323034323632663332393239616238390a353162646331663465656362316436
61353064663734613432653436363961653539633364656337353532373138626263343035306463
6333333566653635640a623630613736323933363935356435343561613230636532656533326431
35343335393536393934313865626662643533373938383337646233393236613037323363343437
61343161376631323333626331356139633139383366643036346139623564373536383634643137
31626231636639316463313166373362336663373138643234623435383363323065306232663734
34663963663930343633373864666532353864306137663234313133353537666633396136366665
35393066383234313836326336343633363237376564303238636439303762373337313062616633
38633634373832313633313939643231326130363561623530613836636363643466303930653230
32323837656637316635633062373737616166663532303066656538386565393933353666313666
30336434346562353662663263653833356263643464643563386566643330656633633062626333
30383265393964326431386630366463616563613630663431393735373433636433646663663734
36323635333838396363616331303061646530306430383033366666353663393863613163623362
30393234643036373231616666356363613832616630633462306231326138633461663062643836
61663333323830393338663362383037396230356431303839386263356630303139386136623939
36656432393633373332646261313663313636333633646432616566363338333938323636336336
36643761356361383363336266333261666330323330616466303363306464346362613566323862
33356532343236666134643766373932383630383937343664633037616436626265623064316363
33623730393964363465306638376537303435353937363934383865333639306133643663616265
38643366303035393363666432323062626164666237383239633232303130316265306463386265
33386562366233396366303132363365616634343066326631363836363437303231616433623736
66343333373033663439636432303630313237613461633965316233356636363832353362633632
35663439383135323230363464646433313939396561633030383139346630323435613566396439
64356666666336616334623631333132373064383135323532613635326661343962623363656236
33303639323764623264383964303130306239626638306439643939393630353062313636633466
38613637316534666337353164616534366530336536663162353834636634666639643163643936
34366566636463303431663436376531616139366264393738316330633036396563336330656239
35653736346664386262636538353536393064663161646533353135636137643230653965323562
38346233373861333832666566346261663935646465363231633261626563373762633832623562
32613563383665393531333139353639623232623263353163613138333861383465336635386663
38326464356261663834316632353132323362653737306265366239633431323738393930313761
37633163383932323462373862663034346365643535383862353231363534646530303639316162
62343565653332313663353263303430643032346432653861356235633735303234643666353664
38376666633336383537333464666463666262353063613966383331326239343263376263356230
62343964633131313331626565336635393334633864383431316564626536373463353765636131
62316634393133316666613236366661303332366135336266643763353662313066333464353064
30653664353434323033393361376335616633623331306630376138393764323764353861343430
39363666353464643833643937343538343338313361356566656333373230613833636532663862
62666162313830633936303836393238643561326264373338643663393930653931613964383263
36623435393265363637616234653938656133663761353132366435336533633961316263633137
61623135383837393333303137623030363033383837623534383464346538373433333737656138
37353138396537306330366261653036653835643937336666633630303232336564393334393462
31323637626465393561616362356662393861346436653963306566613964613666656264653864
39336234396332383534383961663831386135393564396434376361333461613166633332643862
33373165343539613362356164643361623635663232346633356232313232633864303438356132
36623461663831343563363765393966393666633766653061306537616663373535356139353461
38303239316239303466346436306339653932376462366237326262363961333034326235626436
66383730343635633566613461653437383463376666366534383639623032333335666134373931
63326239666432353564363535623530646439646236623932343963653530393261363838353961
31333036326637656235633331616531653961336165373763373238626265373232373439303361
38343066643236383866376139363634346632393533383637616139616233373365653862383864
34633638633339643962363536303634386435616662373061643862386331633032666434363834
64623336383366366539643431306230303932666333386635336233363830616461353337633436
36653464616534643038636134366132663430366362643961383335366534353361633230346565
35376534363330316262306564653661353866383930316634623235383337636662376464363931
39333864323162663835356534303135303437306439623938353061623634616365396533613264
64626432653531386634363539623734356234646231323338366165663033363362343437643338
39393362333231653834653237346561613338313264643662336335373163643166356562316363
63396464633334613662383733333136306131343138663237643265386134653034636439663632
31303935373633376438613338303966633462663937653835333939393133653237396130396366
66636533616365343938396664633364653633613231653938383830363439316331313834643163
35343935383462386266313739336232336233343931333965313239383365393164613936636465
30323665633134396662623864643430393434313961623363363039363331306338363137383830
35626161666338646363383562373364623765633430616365336435383230663338633335373433
37643365616339633761663864383438383934366535343861366163323338626437346636323632
36383135373566393561636631663137346266303631323837363261333731333132663830393539
64303066663932353762353839643430323039643138623161633734333132633963323831663439
35366236306632346336663035616664363864643662343235613535663032373239353966316631
36313739333965303962626563356461333536613832643162323031653662663830373839396632
36363635303133373064646333643334393163386531353562316164353536656362393865353539
38376435313530626435373066326132333936663566636331356666396465323565643866346438
39633036323935323130383537666262336362363138633666303833393538653665326561663430
33323466316565373565373966353331346462633430313161613334663465386631623761356233
37313234303561616534363735326531353932386636373730333263656239343262343139646137
65316533613762356638373962393433663236656435303661653430396534316162373366393536
39303732623264336563326362613830636538663736623362663764393762316133323764633134
65643134636466353639356437353538316462666236373261353863653135633030613966633939
36343939333631353361393636353137613236343166663166643863393961333035646636396633
33643064653631373239343930663435396361366437373163653231373836653063636365386138
35326134383565636230666664323736623139623062633038336133376561333439343238663963
32623561666134343837353332346664306339386336376664626564376431353736363762313434
66336464656662623030643133646466373135383039626530396166636439643336383863343263
39363062316339373966343130353536323263373961383739623065316166303466633631663265
32386632393232643331353730613965636634366465343339366363326638313132633434316262
39333239626430623561346335376664303064396430623865643062326461623662653031353332
38313730646463393766656262323836336364353531343434336534626237633335623761326337
36663537633530653664316135343535626331356239313932323731393034653165636363633463
35613961366336363632643532336135346331306361656264323531646365373164316163663030
33323936313735613362336361613638646234326436343661373138333934396165316462376530
37636562373261663134626233353239643036366332353232633237633637363434653537313638
66326633613061396262613637313832653739666331653534383736363431616637656333633239
65386533333933646561643266353466343436366134623637336264623265363538303635656265
38326361333964353736373832623333366363323133623363656433393236626265343638633232
62616439356232383461366639623838616533343634666161323466366462613063383666363832
63633261333135613735366631336434646534653966383133356133316530343038633537386133
34373866616334396636383636343831366663386166323161306538363061326631323565333461
37666566313166303665646333313062646531306230656631613766313766333938663161653965
34343665653037316339393938366131356230373662666135333935306232323732383964323633
36346562313663643736333235313630666664646139633365363436373061373430666434376133
36373762383032373665323564636539386631653662303439643834623662336363653361373032
36383366626137386438646139663363363430376636666561336566313333623038363833323063
35346162646461346461333865323661366463643665303266636364626332386238346264383135
66313739376637393330336339626330653631373732633962363239353734393930353330356433
30323436646233616139343435363636313561313964353831383634646239636434643839366339
65313939343637393138373837376364396633346231663964656639316265643437663463326631
30383835356635323938343164663633326666363536626165376131373930386264383937303939
37396165393765326262643832336537356361616639653130316266666538616238383463626163
6336
66313066303030333063353236313063303262626561316535646263633936336534356437353265
3432356362393665303438333166643066666164363861610a643434356531666366393936353233
37353036656435616361613164323038663364666464373964653337396465373061666533373938
6536323936393135370a666134613830306533623365363933376631313534326265666634366235
36623637383636396437333735336238343434353733303764326237303033303562353237353165
31653866633363623764353533356262643239613531643039393335313731383038343638663830
36356139336363343437666230656366636132613531613339353962373435643563313734646135
61613330323938363063313430343738306536636233353963636665393132643162303562666531
61343365326634303730656133633632353936386431303631363731313730666132656334353731
33616537313230666462653165643535386134663166346262363535383365616431613838383863
65326163303966373938653033613238326634393166643630316230613065353437306237313933
65366131396266393236373162343866383565633030356465613461353131643562343630336566
30633534636634616666616462383136373830623137396366626639373230373834316563343464
38303333366166323238346237646165383633383264333431663530326462323432366332333630
62633132666439313034616465663861323064646564303963633565353734353665313138373636
34653639353333373737613238626535356333633833363737646330643163326131386364646365
64356435636635663737376239313236356361363061313731626230366336326535663866373231
37623262613135636538343934336262633662383266653238613965356639626339303437306633
38373837653737313465376231363637353561303937336138343465376638326163643065336462
61633236373737363633646135396565303835643336393763393933613964663435306336346636
38316231383363616533616437366362376664393135623765646330323161366134323263376466
31386332333565643764343863353039313466643962373736643533666562353766383862326134
31633366636365313231366337313334333130373833656135396262373136393135353039623739
63626463636237633963323739303961663632376330336236663134666461383965303861333835
38663337393930383834653936636365663966333033346562356331306430306338333761353762
38363733356262363161353135633836336363376232326261623264623338663230663838386330
35353762393839646338366365313763346339666433306532353530353261363838356639623436
62306437616630663039653862393466353933333763386163373035373335343834663439633039
34613463303436366631396462363866656533343063356265333539353038326637613063326164
62663833363165643436343538666565386561383335393964313839626237623031343564656632
35613534636437306463373466653431336562303132313462326233663561343837323331353035
33303336356237306464363564666136633230396635623066376564373737353335356432343231
66633735316466633039663338316566343739373664316335366462356237366139363731643366
33353039373665333232383235303932623435366638313465396333316565646134343463336330
65306334623631386364353364313638643930306265343363666366663164643435333834376439
64396434366362343733323366343232653930646565313762376436663965626562636238623066
63303236326362323966666630343136336563343564393833636465333832396666396638653661
61323561393563326437386462656266303830353730313839613136656331323938616631386235
30633730303838313038313263363363633136623861326662623366613461343133356261633030
34333732343037396131343764366535343639326333353036353038656533333339306363653435
39656166393265356338656631353065653630303237663761386332323530663966343864663438
65356365386131333236396234623537323062363539383061323832363563326435306465663234
66316638376436613265353662646264666138666165343763393330613765346163356138616633
66373338393163333435666236386239663735653135386532633135646539316665313036323763
38666464363432656534313263306266323066646133353765386463343264633131633936373036
31326138633131393962633861333036373537366163613562383033336333616130636435326331
66653766653065306164613335623933616135393335383438356337633239363131303237653566
62636263383236656136376237646363363234363232643636623333396531363461303538373662
36313537393238626337613964623731666261316366346666323261386661643035353164613637
32303061336363306335306431613263646266303038323739636662326465303961616339333461
65626263366333333562386461636231636438623966626136663932303035343531363234356663
37313661353764343764396666633666613238323638646233353138383638353938303933396431
65366564353533363039383838313562663561633434393833636365303561333534393930653630
63663464613334623864313663383630353166363862373132343532393135313666626464376436
34616566663764363566663530646638363338653538353661393835383035346236646233363564
34656165303737326261353032363435333731363031343366353863313138653865346535636564
31393134336534616161303132353764343833636465356661376638633163643739383830616534
65386262663734356134303039623265303935363764623537326565633030613465666435636232
61623334393734616262613232306339396639643636373762653738333463616361653430656438
63316265303634323033303330353232636136333863366261656532383065313334386335666636
34303564636333356364663565333932343064333266383638663365366636643866353132373966
66336563346233656531643735663062393630616537656264323136353266623161353261333239
33636563376566333331366336353338343730383962653138636535623039643461303763333961
63373264333037653563643937373664373665343136396635316634613632653232353033666266
31333064623765326536386630353435333438326232633565663531303730636530386564366633
63326335333639376266396562343838636430643664303737373565363635643037616231393665
36636337633564373561343266666632656235646662633965663733383731633832373334646335
34396163636635633637393834396566663062633135383330396564656536333330623737636332
36646362623131366166626639386238616566323135323334636638393934663336663532306336
38396634393433623963316261303061616634333566306239366666373238376466633166623464
33313538663838373465626638316432613135386262376233633362616463623363646433353666
32633838303837656335333336353564343461373236353736623032663139333338646463323533
65326131616433666563343163663462393235366135633661366564623662303932626164366632
38306430356238633162656337303536663065653639353562343965663366373861646162653562
62306236326163393336643232663336656637623539353835613536653164393038623966316433
32623462343037616465623736306530633736623061343430356638633530313331306363323837
63396263393136363137643632623938316363386238346237333862303735363065386633366263
31313834646239323631393335633534383930373630663538653864383930666465653731616263
35333830633430343436646266663231303466343138643338343634346133613666613734313037
34383931643631633539346262653631336565623366343564303332333831346436373162356362
66383864313732303962653662333036373239343335623765616536306465623030393138663838
30313861636631393462653836626164373034666533323338383262393132396436666639363262
39356132343939366534666665393231346566663432653236376333323363643166393431316161
33343666316138353333346263346266343731613065356631336231373266343338393939663038
35343235393563623434313266306163323266346662623063353631663433646436613130636663
38356335616438633638383236333131663163613436303934386335363432323063303234383331
34636432653262643438653931313233626462623034346137303738643932353334373531303439
30366233373535343431373365393566383538363763313036623262343066346236303061326631
64376463336538363132656464666365343861393330313637356237666361343666633436346534
33636332386336646333616330613738343264626438613135313962336534373130316330366233
30316333636564326165663565666361643430656366393939616538323530383632636661326331
35366663646533313034333764626237623637363164356163636432653765656439326438383134
62623638633934336334393636333336633164343066336161333138653637333435306230653865
35363032393633623331363933373463623032333361616365373037666333643634343963663835
34363033363731346663643363383965336536353332646262326136353965353137383737336165
33613733656463376333376264633935373239363337323538356636636439393564373332323031
31623733663530326632373235313830396133373430613061613438653336653462316336623438
30343032346133363830656231663966653734326635333831626639393666303033653437326238
65333566643066393331323466366662383135383734313537663664376161323265613436653535
63643832616663303632623433636161333339376635333635626137326662396562633830343337
65376165376564396433343736313134656332383533356138383039386266636238613936653962
32373337346335383136303838343034376432363436356465613836366230313463303239373531
65383334646431346565656638353537333765623430333133663663326134646566306137643663
65643338386439666636376461356466396261326165333030623633613364343631343830653939
64323266626131666332666433386434313936306361633164373532626231366234623735333932
62306362346164336433336139313561366162303666353635653634396139313734626463663735
38306466626237626634666138363665326636316563356431333432313534363638613833613539
38306237353764376462323238663034646662393433623830616361623735343162666465626230
30633731323939633265323338373537383261333235303262633336636433316339383433653861
3861653261646632636364623830626561393864666135346634
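Review bot: this hunk replaces the whole vault payload (110 lines become 111 under the `$ANSIBLE_VAULT;1.1;AES256` header), so nothing in the diff shows which variables changed or whether the change matches its commit message. Review it from a decrypted diff, for example a git textconv driver that runs ansible-vault view, and keep the commit message specific about what was edited inside the file.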

49
host_vars/web20 Normal file

@@ -0,0 +1,49 @@
$ANSIBLE_VAULT;1.1;AES256
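
Review bot: the whole of host_vars/web20 is committed as one `$ANSIBLE_VAULT;1.1;AES256` blob, so none of the 49 added lines can be reviewed and every later change to this host will show up as a full-file rewrite. Consider keeping the non-secret variables in plain YAML and encrypting only the secret values (for example with `ansible-vault encrypt_string`), so a reviewer can see which domains, roles and flags the new host gets.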

File diff suppressed because it is too large

@@ -3,9 +3,12 @@
<option name="family" value="inet6" />
<short>abusers-ipv6</short>
<description>A list of abusive IPv6 addresses.</description>
<entry>2001:41d0:a:3307::</entry>
<entry>2001:41d0:1:f934::1</entry>
<entry>2001:41d0:602:238d::</entry>
<entry>2001:41d0:a:2a31::</entry>
<entry>2400:6180:0:d1::476:7001</entry>
<entry>2402:1f00:8001:8bd::</entry>
<entry>2604:a880:800:10::5bf:2001</entry>
<entry>2607:5300:120:878::</entry>
<entry>2a03:b0c0:3:d0::d4d:b001</entry>
<entry>2a00:d680:20:50::bcb2</entry>
<entry>2a02:2168:a01:33ee::1</entry>
</ipset>
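
Review bot: several entries in this hunk end in `::` with no prefix length (`2001:41d0:a:3307::`, `2607:5300:120:878::`), so as written each one matches only the all-zeros address of that /64, not the network. If the intent is to block the /64, the entries need an explicit `/64` and the ipset type has to accept networks; if single addresses are intended, an XML comment recording the AbuseIPDB download date and the confidence threshold from the commit message would make the next manual refresh easier to audit.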

@@ -0,0 +1,15 @@
---
# TODO: configure awall (ipsets?)
# TODO: configure fail2ban
- block:
- name: Set Alpine firewall packages
set_fact:
alpine_firewall_packages:
- awall
- fail2ban
- name: Install Alpine firewall packages
apk: name={{ alpine_firewall_packages }} state=present
# vim: set sw=2 ts=2:
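
Review bot: both TODOs at the top of this file are still open, so after these tasks run an Alpine host has `awall` and `fail2ban` installed but no policy applied and neither service enabled, which leaves it without a configured firewall. Either add the awall policy and service tasks in the same change or make the task names say that this is install-only. The `block:` carries no `when` or `tags` in the visible lines, so it can be dropped, and the static package list could live in vars/Alpine.yml instead of a `set_fact`.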

@@ -17,6 +17,11 @@
when: ansible_distribution == 'Ubuntu'
tags: packages
- name: Install common packages
include_tasks: packages_Alpine.yml
when: ansible_distribution == 'Alpine'
tags: packages
- name: Configure firewall
include_tasks: firewall_Debian.yml
when: ansible_distribution == 'Debian'
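
Review bot: only packages_Alpine.yml is wired in by this hunk; nothing here includes the new Alpine firewall task file (presumably firewall_Alpine.yml, following the naming used for Debian), so unless it is included elsewhere it never runs. Add a matching include with `when: ansible_distribution == 'Alpine'` next to the "Configure firewall" include for Debian.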

@@ -1,6 +1,7 @@
---
# Hosts running Ubuntu 16.04+ and Debian 9+ use systemd init system and should
# use timedatectl as a network time client instead of the standalone ntp client.
# Alpine can use chrony.
- name: Set timezone
when: timezone is defined and ansible_service_mgr == 'systemd'
@@ -15,4 +16,8 @@
apt: name=ntp state=absent update_cache=yes
when: ansible_service_mgr == 'systemd'
- name: Install chronyd on Alpine
apt: name=chrony state=present
when: ansible_distribution == 'Alpine'
# vim: set ts=2 sw=2:
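
Review bot: the new "Install chronyd on Alpine" task calls the `apt` module, which fails on Alpine because the package manager there is apk; it should read `apk: name=chrony state=present`, like the other Alpine package tasks. Installing the package also does not enable anything, so add a task that enables and starts the chronyd service, otherwise the host still has no time synchronisation.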

@@ -0,0 +1,28 @@
---
# requires: ansible-galaxy collection install community.general
# TODO: configure tarsnap
- block:
- name: Upgrade base OS
apk: upgrade=yes update_cache=yes
- name: Set Alpine base packages
set_fact:
alpine_base_packages:
- git
- tmux
- htop
- strace
- mosh
- vim
- unzip
- zstd
- name: Install Alpine base packages
apk: name={{ alpine_base_packages }} state=present update_cache=yes
#- name: Install tarsnap
# import_tasks: tarsnap.yml
tags: packages
# vim: set sw=2 ts=2:
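
Review bot: the dependency on the community.general collection is recorded only in a comment, while the tasks call the module by its short name `apk`. Use the fully qualified `community.general.apk` and list the collection in a requirements file, so a fresh checkout fails at install time and not at the first Alpine task. The "Upgrade base OS" task also runs a full `upgrade=yes` on every play that includes the `packages` tag; if that is intended, say so in the task name, otherwise gate it behind its own tag.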

@@ -2,11 +2,10 @@
# file: roles/mariadb/defaults/main.yml
#
# Based on my running of mysqltuner.pl on a host with three WordPress databases
# and a Piwik instance monitoring three sites.
#
# default is 128MB but is a waste because it seems only the mysql table uses it
key_buffer_size: 32M
key_buffer_size: 8M
# default is 128MB but is a waste because it seems only information_schema uses
# AriaDB, see: https://mariadb.com/kb/en/mariadb/aria-system-variables
@@ -15,10 +14,6 @@ aria_pagecache_buffer_size: 8M
# default is 128M, but set to at least the size of your InnoDB data
innodb_buffer_pool_size: 256M
# Unless you have a pool size over 1GB, use a single instance
# See: https://mariadb.com/kb/en/mariadb/xtradbinnodb-server-system-variables
innodb_buffer_pool_instances: 1
# Ansible 2.7.x with PyMySQL seems to default to TCP connection so we should
# force it to use a Unix socket.
# See: https://github.com/ansible/ansible/issues/47736
@@ -27,4 +22,12 @@ mariadb_login_unix_socket: /var/run/mysqld/mysqld.sock
# default is 100 but the max I've seen used is 5, so let's reduce it
max_connections: 33
# disable the query cache by default
query_cache_size: 0
query_cache_type: 0
# mysqltuner says we should use larger than 32M on our setup
tmp_table_size: 64M
max_heap_table_size: 64M
# vim: set ts=2 sw=2:
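
Review bot: `tmp_table_size` and `max_heap_table_size` cap each in-memory temporary table, not the server as a whole, so setting them to 64M (the template previously hard-coded 32M) while `max_connections` is 33 doubles the worst case to roughly 33 x 64M, about 2 GB, next to a 256M InnoDB buffer pool. The comment above `max_connections` says the highest count seen is 5, so either lower `max_connections` to match or note the memory headroom this assumes.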

@@ -1,5 +1,5 @@
---
- name: restart mysql
systemd: name=mysql state=restarted
- name: restart mariadb
systemd: name=mariadb state=restarted
# vim: set ts=2 sw=2:

@@ -1,10 +1,10 @@
---
- name: Add GPG key for MariaDB repo
apt_key: id=0x177F4010FE56CA3336300305F1656F24C74CD1D8 url=https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x177F4010FE56CA3336300305F1656F24C74CD1D8
apt_key: id=0x177F4010FE56CA3336300305F1656F24C74CD1D8 url=https://mariadb.org/mariadb_release_signing_key.asc
register: add_mariadb_apt_key
tags: mariadb, packages
- name: Add MariaDB 10.4 repo
- name: Add MariaDB 10.5 repo
template: src=mariadb.list.j2 dest=/etc/apt/sources.list.d/mariadb.list owner=root group=root mode=0644
register: add_mariadb_apt_repository
tags: mariadb, packages
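
Review bot: `apt_key` puts the MariaDB release key into apt's global trusted keyring, so the key is then trusted for every repository on the host and not only for the MariaDB mirror. Pinning the fingerprint with `id=` is good; consider going one step further and storing the key in its own keyring file that mariadb.list references with `signed-by=`. The task name "Add MariaDB 10.5 repo" also repeats the version that is hard-coded in the template, so a variable would keep the two in step.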
@@ -26,7 +26,7 @@
- name: Create system my.cnf
template: src=my.cnf.j2 dest=/etc/mysql/my.cnf owner=root group=root mode=0644
notify:
- restart mysql
- restart mariadb
tags: mariadb
# 'localhost' needs to be the last item for idempotency, see
@@ -51,7 +51,7 @@
tags: mariadb
- name: Create MariaDB user(s)
mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL state=present
mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present
loop: "{{ mariadb_databases }}"
when: mariadb_databases is defined
tags: mariadb
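
Review bot: adding `host=127.0.0.1` to "Create MariaDB user(s)" creates new `user@127.0.0.1` accounts but does nothing about the `user@localhost` accounts that earlier runs created (localhost is the module's default host), so the old accounts stay behind with the same password and privileges. Add a task that removes them with `state=absent`. Clients that connect through the Unix socket are still matched as `localhost`, so applications have to connect over TCP to 127.0.0.1 for the new accounts to apply.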

@@ -1,3 +1,3 @@
{{ ansible_managed | comment }}
deb [arch=amd64] http://mirror.23media.de/mariadb/repo/10.4/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main
deb [arch=amd64] http://mirror.23media.de/mariadb/repo/10.5/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main
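
Review bot: the release `10.5` is a literal in this repository line and again in the "Add MariaDB 10.5 repo" task name, so the next upgrade has to touch both; a single variable (a hypothetical `mariadb_version`) would avoid the drift. The line also still uses plain `http://`; apt verifies package signatures, but switching to https, if the mirror offers it, keeps package requests from travelling in clear text.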

@@ -47,6 +47,10 @@ skip-external-locking
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
# don't resolve connection IPs to hostnames (make sure user accounts are using
# IPs instead of "localhost")
skip-name-resolve=1
#
# * Fine Tuning
#
@@ -57,8 +61,8 @@ max_allowed_packet = 16M
thread_cache_size = 128
sort_buffer_size = 4M
bulk_insert_buffer_size = 16M
tmp_table_size = 32M
max_heap_table_size = 32M
tmp_table_size = {{ tmp_table_size }}
max_heap_table_size = {{ max_heap_table_size }}
#
# * MyISAM
#
@@ -75,11 +79,9 @@ read_rnd_buffer_size = 1M
#
# * Query Cache Configuration
#
# Cache only tiny result sets, so we can fit more in the query cache.
query_cache_limit = 128K
query_cache_size = 64M
# for more write intensive setups, set to DEMAND or OFF
#query_cache_type = DEMAND
query_cache_size = {{ query_cache_size }}
query_cache_type = {{ query_cache_type }}
#
# * Logging and Replication
#
@@ -141,7 +143,6 @@ innodb_file_per_table = 1
innodb_open_files = 400
innodb_io_capacity = 400
innodb_flush_method = O_DIRECT
innodb_buffer_pool_instances = {{ innodb_buffer_pool_instances }}
aria_pagecache_buffer_size = {{ aria_pagecache_buffer_size }}
#

@@ -26,7 +26,12 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
{# Allow sites to override the nginx document root #}
{% if item.document_root is defined %}
root {{ item.document_root }};
{% else %}
root {{ nginx_root_prefix }}/{{ domain_name }};
{% endif %}
{# will only work if the TLS cert covers the domain + aliases, like example.com and www.example.com #}
server_name {{ domain_name }} {{ domain_aliases }};
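
Review bot: the `{% if %}` / `{% else %}` block around `root` can be one line, `root {{ item.document_root | default(nginx_root_prefix ~ '/' ~ domain_name) }};`, which also avoids the blank lines the block tags leave in the rendered vhost. Because `document_root` can now point anywhere on the filesystem, check that the tasks which create and own the site directory use the same value, otherwise nginx is pointed at a path this role never set up.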

@@ -9,9 +9,6 @@
- php-mysql
- php-gd
- php-curl
# for Piwik
- php-mbstring
- php-xml
- name: Install php-fpm and deps
apt: name={{ php_fpm_packages }} state=present update_cache=yes
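
Review bot: `php-mbstring` and `php-xml` are dropped because the comment ties them to Piwik, but WordPress also lists both extensions as recommended, and these task files are run for WordPress sites (see the `has_wordpress` condition further down). Confirm no remaining site depends on them, or keep them under a comment that names WordPress. The same removal is repeated in the other two PHP version files.
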
@@ -32,5 +29,6 @@
template: src=php7.3-php.ini.j2 dest=/etc/php/7.3/fpm/php.ini owner=root group=root mode=0644
notify: reload php7.3-fpm
tags: php-fpm
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
# vim: set ts=2 sw=2:
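
Review bot: the new `when:` relies on a loop variable `item` that is not set anywhere in the visible hunks, so it only works if the caller includes this file from inside a loop, and the identical condition is pasted into the 7.2, 7.3 and 7.4 task files. Put it once on the include that selects the PHP version and shorten it to `item.has_wordpress | default(false) or item.needs_php | default(false)`.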

@@ -9,9 +9,6 @@
- php-mysql
- php-gd
- php-curl
# for Piwik
- php-mbstring
- php-xml
- name: Install php-fpm and deps
apt: name={{ php_fpm_packages }} state=present update_cache=yes
@@ -32,5 +29,6 @@
template: src=php7.2-php.ini.j2 dest=/etc/php/7.2/fpm/php.ini owner=root group=root mode=0644
notify: reload php7.2-fpm
tags: php-fpm
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
# vim: set ts=2 sw=2:

@@ -9,9 +9,6 @@
- php-mysql
- php-gd
- php-curl
# for Piwik
- php-mbstring
- php-xml
- name: Install php-fpm and deps
apt: name={{ php_fpm_packages }} state=present update_cache=yes
@@ -32,5 +29,6 @@
template: src=php7.4-php.ini.j2 dest=/etc/php/7.4/fpm/php.ini owner=root group=root mode=0644
notify: reload php7.4-fpm
tags: php-fpm
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
# vim: set ts=2 sw=2:

vars/Alpine.yml Normal file

@@ -0,0 +1,10 @@
---
# sshd service name is `ssh` on Debian/Ubuntu, but it's
# `sshd` on CentOS and Alpine
sshd_service_name: sshd
# provisioning user vars
provisioning_user: { name: 'provisioning', home: '/home/provisioning' }
# vim: set ts=2 sw=2:

@@ -6,7 +6,7 @@
become: yes
roles:
- common
- mariadb
- { role: mariadb, when: mariadb_databases is defined}
- nginx
- php-fpm
- munin
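
Review bot: a `when` on a role entry is copied onto every task in the role, and tasks inside the mariadb role already test `mariadb_databases is defined` themselves (the "Create MariaDB user(s)" task does), so those per-task conditions are now redundant and can be removed in the same change. Style nit on the same line: add the missing space before the closing brace, `{ role: mariadb, when: mariadb_databases is defined }`.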