alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

Compare commits

base: alanorth:e7d5cb1edbc2acdc5a274d335b4bb66cb9f4a497
Branches Tags
alanorth:master alanorth:alpine
...
compare: alanorth:alpine
Branches Tags
alanorth:master alanorth:alpine

25 Commits
e7d5cb1edb ... alpine

Author SHA1 Message Date
Alan Orth
4846cbd968 roles/common: Add firewall task for Alpine 2021-02-13 12:18:58 +02:00
Alan Orth
aa63f5946c roles/common: Add TODO about tarsnap on Alpine 2021-02-13 12:18:58 +02:00
Alan Orth
53d574dd12 roles/common: Add Alpine packages 2021-02-13 12:18:58 +02:00
Alan Orth
92c23bc2b5 roles/common: Use chrony for NTP on Alpine 2021-02-13 12:18:58 +02:00
Alan Orth
e93b8af949 Add vars/Alpine.yml 2021-02-13 12:18:58 +02:00
Alan Orth
dd04238a83 host_vars/web19: Add dev domain 2021-02-13 12:18:31 +02:00
Alan Orth
efdbeb75ea host_vars/web19: WordPress 5.6.1 2021-02-13 11:48:21 +02:00
Alan Orth
cd4411260c roles/common: Update list of abusive IP addresses 
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

  $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
    confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
    -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
    -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

  $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
  $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
 2021-02-07 15:56:33 +02:00
Alan Orth
8cb232a765 Pipfile.lock: Run pipenv update 2021-02-07 15:53:10 +02:00
Alan Orth
d4ca119265 Pipfile.lock: run pipenv update 
Minor Ansible update
 2021-01-27 11:06:12 +02:00
Alan Orth
f72f8c7a8d host_vars/web19: Remove piwik nginx host 2021-01-06 09:07:41 +02:00
Alan Orth
d7fa1697a1 host_vars/web19: Remove piwik database 2021-01-06 09:00:54 +02:00
Alan Orth
b0420d2adb roles: Remove mentions of Piwik 
I never check the damn analytics stats and the database is huge.
 2021-01-06 09:00:18 +02:00
Alan Orth
c70ebba151 Add host_vars/web20 2021-01-01 19:55:14 +02:00
Alan Orth
ac860e72f2 roles/php-fpm: Only run PHP tasks if we need them 2021-01-01 19:54:12 +02:00
Alan Orth
101c05d248 web.yml: Only run MariaDB role if it is needed 
Not all web hosts need this. Some are static sites, for example.
 2021-01-01 19:28:40 +02:00
Alan Orth
1b75679496 roles/mariadb: The service is mariadb 2020-12-29 11:25:30 +02:00
Alan Orth
ebf4a4c2ac roles/mariadb: Disable name lookups 
Add skip-name-resolve=1 to disable lookups of hostnames to IPs. We
need to make sure all accounts are using IPs like 127.0.0.1 instead
of "localhost" now.
 2020-12-29 11:19:01 +02:00
Alan Orth
57a83cef26 roles/mariadb: Tweak temp table size 
mysqltuner.pl said:

    When making adjustments, make tmp_table_size/max_heap_table_size equal
 2020-12-29 11:10:31 +02:00
Alan Orth
8ee52143fc roles/mariadb: Disable the query cache by default 
It seems that the usefulness of the query cache is diminishing in
recent years. If your cache is large then the time taken to scan
the cache can be longer than the SQL query itself.

See: https://haydenjames.io/mysql-query-cache-size-performance/
 2020-12-29 11:07:33 +02:00
Alan Orth
67a18c4f49 roles/mariadb: Reduce key buffer size 
mysqltuner.pl shows currently 6M out of 33M being used.
 2020-12-29 10:58:12 +02:00
Alan Orth
b8428e67a8 roles/mariadb: Install MariaDB 10.5 2020-12-29 10:41:27 +02:00
Alan Orth
e18529e6e1 roles/mariadb: Update service name 
As of MariaDB 10.5 the service name and binaries have changed from
mysql, mysqld, etc to mariadbd.

See: https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/
 2020-12-29 10:40:13 +02:00
Alan Orth
89db1449d1 roles/mariadb: Fetch signing key from mariadb.org 
I downloaded the key and checked the fingerprint with gpg:

    $ gpg --dry-run --import mariadb_release_signing_key.asc
    gpg: key F1656F24C74CD1D8: 6 signatures not checked due to missing keys
    gpg: Total number processed: 1
 2020-12-29 10:36:33 +02:00
Alan Orth
6660a0cd36 roles/mariadb: Remove innodb_buffer_pool_instances 
This was deprecated in MariaDB 10.5. The setting is now ignored and
will be removed in a future version.

See: https://mariadb.com/kb/en/changes-improvements-in-mariadb-105/#innodb-removed-or-deprecated-variables
 2020-12-29 10:18:23 +02:00
19 changed files with 7158 additions and 7020 deletions
Expand all files Collapse all files

79
Pipfile.lock generated
View File

@ -18,17 +18,17 @@
"default": {
"ansible": {
"hashes": [
"sha256:98e718aea82199be62db7731373d660627aa1e938d34446588f2f49c228638ee"
"sha256:ae97002e4fb1ed3de947428ff43906c76c66751fe104721cf6b25fa115dbbe8d"
],
"index": "pypi",
"version": "==2.10.4"
"version": "==2.10.6"
},
"ansible-base": {
"hashes": [
"sha256:d4dad569864c08d8efb6ad99acf48ec46d7d118f8ced64f1185f8eac2c280ec3"
"sha256:33ae323923b841f3d822f355380ce7c92610440362efeed67b4b39db41e555af"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==2.10.4"
"version": "==2.10.5"
},
"cffi": {
"hashes": [
@ -48,6 +48,7 @@
"sha256:6bc25fc545a6b3d57b5f8618e59fc13d3a3a68431e8ca5fd4c13241cd70d0009",
"sha256:798caa2a2384b1cbe8a2a139d80734c9db54f9cc155c99d7cc92441a23871c03",
"sha256:7c6b1dece89874d9541fc974917b631406233ea0440d0bdfbb8e03bf39a49b3b",
"sha256:7ef7d4ced6b325e92eb4d3502946c78c5367bc416398d387b39591532536734e",
"sha256:840793c68105fe031f34d6a086eaea153a0cd5c491cde82a74b420edd0a2b909",
"sha256:8d6603078baf4e11edc4168a514c5ce5b3ba6e3e9c374298cb88437957960a53",
"sha256:9cc46bc107224ff5b6d04369e7c595acb700c3613ad7bcf2e2012f62ece80c35",
@ -93,11 +94,11 @@
},
"jinja2": {
"hashes": [
"sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0",
"sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035"
"sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419",
"sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==2.11.2"
"version": "==2.11.3"
},
"markupsafe": {
"hashes": [
@ -106,8 +107,12 @@
"sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
"sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
"sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42",
"sha256:195d7d2c4fbb0ee8139a6cf67194f3973a6b3042d742ebe0a9ed36d8b6f0c07f",
"sha256:22c178a091fc6630d0d045bdb5992d2dfe14e3259760e713c490da5323866c39",
"sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
"sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
"sha256:2beec1e0de6924ea551859edb9e7679da6e4870d32cb766240ce17e0a0ba2014",
"sha256:3b8a6499709d29c2e2399569d96719a1b21dcd94410a586a18526b143ec8470f",
"sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
"sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
"sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
@ -116,35 +121,50 @@
"sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
"sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15",
"sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
"sha256:6f1e273a344928347c1290119b493a1f0303c52f5a5eae5f16d74f48c15d4a85",
"sha256:6fffc775d90dcc9aed1b89219549b329a9250d918fd0b8fa8d93d154918422e1",
"sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
"sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
"sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
"sha256:7fed13866cf14bba33e7176717346713881f56d9d2bcebab207f7a036f41b850",
"sha256:84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0",
"sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
"sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
"sha256:98bae9582248d6cf62321dcb52aaf5d9adf0bad3b40582925ef7c7f0ed85fceb",
"sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
"sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
"sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
"sha256:a6a744282b7718a2a62d2ed9d993cad6f5f585605ad352c11de459f4108df0a1",
"sha256:acf08ac40292838b3cbbb06cfe9b2cb9ec78fce8baca31ddb87aaac2e2dc3bc2",
"sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
"sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
"sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
"sha256:b1dba4527182c95a0db8b6060cc98ac49b9e2f5e64320e2b56e47cb2831978c7",
"sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
"sha256:b7d644ddb4dbd407d31ffb699f1d140bc35478da613b441c582aeb7c43838dd8",
"sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
"sha256:bf5aa3cbcfdf57fa2ee9cd1822c862ef23037f5c832ad09cfea57fa846dec193",
"sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
"sha256:caabedc8323f1e93231b52fc32bdcde6db817623d33e100708d9a68e1f53b26b",
"sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
"sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2",
"sha256:d53bc011414228441014aa71dbec320c66468c1030aae3a6e29778a3382d96e5",
"sha256:d73a845f227b0bfe8a7455ee623525ee656a9e2e749e4742706d80a6065d5e2c",
"sha256:d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032",
"sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7",
"sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be"
"sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be",
"sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==1.1.1"
},
"packaging": {
"hashes": [
"sha256:24e0da08660a87484d1602c30bb4902d74816b6985b93de36926f5bc95741858",
"sha256:78598185a7008a470d64526a8059de9aaa449238f280fc9eb6b13ba6c4109093"
"sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5",
"sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==20.8"
"version": "==20.9"
},
"pycparser": {
"hashes": [
@ -164,21 +184,30 @@
},
"pyyaml": {
"hashes": [
"sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97",
"sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76",
"sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2",
"sha256:6034f55dab5fea9e53f436aa68fa3ace2634918e8b5994d82f3621c04ff5ed2e",
"sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648",
"sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf",
"sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f",
"sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2",
"sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee",
"sha256:ad9c67312c84def58f3c04504727ca879cb0013b2517c85a9a253f0cb6380c0a",
"sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d",
"sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c",
"sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a"
"sha256:08682f6b72c722394747bddaf0aa62277e02557c0fd1c42cb853016a38f8dedf",
"sha256:0f5f5786c0e09baddcd8b4b45f20a7b5d61a7e7e99846e3c799b05c7c53fa696",
"sha256:129def1b7c1bf22faffd67b8f3724645203b79d8f4cc81f674654d9902cb4393",
"sha256:294db365efa064d00b8d1ef65d8ea2c3426ac366c0c4368d930bf1c5fb497f77",
"sha256:3b2b1824fe7112845700f815ff6a489360226a5609b96ec2190a45e62a9fc922",
"sha256:3bd0e463264cf257d1ffd2e40223b197271046d09dadf73a0fe82b9c1fc385a5",
"sha256:4465124ef1b18d9ace298060f4eccc64b0850899ac4ac53294547536533800c8",
"sha256:49d4cdd9065b9b6e206d0595fee27a96b5dd22618e7520c33204a4a3239d5b10",
"sha256:4e0583d24c881e14342eaf4ec5fbc97f934b999a6828693a99157fde912540cc",
"sha256:5accb17103e43963b80e6f837831f38d314a0495500067cb25afab2e8d7a4018",
"sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e",
"sha256:6c78645d400265a062508ae399b60b8c167bf003db364ecb26dcab2bda048253",
"sha256:74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183",
"sha256:8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb",
"sha256:bb4191dfc9306777bc594117aee052446b3fa88737cd13b7188d0e7aa8162185",
"sha256:c20cfa2d49991c8b4147af39859b167664f2ad4561704ee74c1de03318e898db",
"sha256:d2d9808ea7b4af864f35ea216be506ecec180628aced0704e34aca0b040ffe46",
"sha256:dd5de0646207f053eb0d6c74ae45ba98c3395a571a2891858e87df7c9b9bd51b",
"sha256:e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63",
"sha256:e4fac90784481d221a8e4b1162afa7c47ed953be40d31ab4629ae917510051df",
"sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc"
],
"version": "==5.3.1"
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
"version": "==5.4.1"
},
"six": {
"hashes": [

221
host_vars/web19
View File

@ -1,112 +1,111 @@
$ANSIBLE_VAULT;1.1;AES256
34636661633964333963313436313765666332666339336233356538653664643432383732356635
6137633362376666343931393930636336616335666161310a626439616637643531363739646536
34393135666639636161633566313264336363646666323963366331616362383436396462376631
6666356161386237370a633463353738626131353263353337376638353465383330393062336464
36633930623933616135653439626466653930336366666265313566653839346237333966353036
61376564656539326535393830373634343237663865326635363364663230356434376437356665
35633762663036623831373465363836646366616330633962383538393965333832366433363866
63333337356132323630656538666635333234343838306330646361623833353336326132643238
61383337373666313364656333326264633763633062636265396637656630373033363133663834
63656333313161666566333131333534306133653365636164656139313531623439373639363234
38636265613337323733323364373832656465653266363334306133613035393937333539643736
35363231663662366633373264663636333735643064316262646436616139643364616534316462
64383734326132663734383435653034663061393561313438363934313661613463346338616466
64616565623136316261366563356538313532336439373031646561336631633830323437303632
61333761663538333762333736323865376365333963346331313432633862363436366366643235
34653832666362643162643136656132336465643966336438316563643161636136343536653932
39626335376338313334663564363863646563336435343162623562653431663432306537616161
35623865343833343863336664383163636430396637346639653738613739333961613938633032
34396462313033323061353639643465386433613734313664663336613833323764653635336233
63646362323362643936313330636131346562323233393036323036656465656662353163386665
66333036396161356539346330306165613438386438623732636634353365303836373565396364
34393336626166613465353833613031656537383730623761653333313332356164356534313031
36376139383065313563303962313664636361376631383335343131336139303233326162306633
39393432303839613133363231336665353636366165333564313330663763303233343462646664
38653936383566623461386536333836353833303764393663393066363234336537613331623363
31353338323164666265613464643532663938363064626431383938393136396361653464643730
31663838343030313930396632306136646335306562326561353237636266326464663464633166
65306661346438626332343864646534336435653239623135346639303330313330333362353039
63613266636563616265333534346164333134316537356138323632666138336362356664613734
62356266376135353636343362336135623662376361343766663034363765376130613730386236
39343638303732613635376530633231376534643266333031653233656361353439303334313238
31353431323133666439663835346230333665326561383339616532373036346366653332663539
33343034653633303432343731376538646263336436323438303961663730666438333435343362
33616230643863313465363562393263323633666232653839356636313264353365633765613865
65643862366464383233346239653431383439303439353838333864653433353165383533393437
37616436376633313633383866363830303536326435656366613638653064376433393730396466
31613137366538643636303964373339383466373734636235393030333461366466373963373962
61663661663936366233613762353462656664326566333734383466316336623636383733616130
33653662626134356232373438653937646234356630393732393533653430386464313134393037
31633330663531343833313265666237616164383561363063643866633930656630663866313630
38383932393132366231333932663765623662396266363362376135383064303265653733363763
61346230386231393165663062643464313436313635343933363133663463636366363135323430
66643461396237656336643062643166313335663261633964663935333034613034393864656635
34363936393538316364323836623939633330393130323631376265346439353438396433333231
64623635343439646466333234643835613365663633373365656439333563663337623537393830
63386436613963323938643030633435623563636265326463313534353664613930336437643939
37383835343636316230323765303539383933623637396461666666663462316338663835646564
39613362353764663939626631363862373235303462376532303131626431646165363730323035
36343734383536653166616564336431346236623266306661346536623263316332666661333837
38373765393435363030303362383362396532626130353036376237633030313336666663636562
33313262613332386365383861393261386333396530386565623537643330363135323039616563
65376163333963326234653535316235363339656236396465373435343138323765643566393432
39366231376364633836356230353538343030303533356130653864346336633238303264306130
35306130616464396439656432313930653161393262356333323066343065343264356163613761
32656631636237303031313366653065323463343039303132396639653866376563393132636437
62396236363835383533306265646162666339623966656465396630633931396262333432653730
37643864643066623662616331653734343765323362326366623238333732316235643435303961
36636565636539663163336166633363376438303364633034306330393630653835613465353663
65393961356539653164343231663836366363663637643834633066663562366465316562356537
33383039343764343933383937363361386235643163363934396666353864323865666434653935
62633134643536653138316230346431643636623966643833646131633336346263653665343533
65626235646337623832663764363832303232333936363034616535636530303231653530643564
35363963393030333432326562636338343664353132343731323137303965613239613663323631
32316534636238373037303830313530323130363964616161333832343963646262373065663138
39343363663131386564626263353233353230386266343232303361316630333835636137306332
30343836623636633966666434326539356233643234356333376633303230306235623564326166
33386361336163626430376139656335656230636337306133326339663532313131633931383934
66316531643266383436386537663239623533636362323031366135656539613734316339383964
61383837643663373162623763353335326636366164616261623231353538653862366565326463
35633639363238653261303834303835346361623766636631616538353036356230316161626261
66663736373838303265336339383230343563336664383737623865653133343034373862373865
33626232663637313539663564623837336539366138393562383532636164633433353565666239
38636637633665303032646437663862346365333231373161353464633438313032636331303263
65623438666439333239646261613631363664356537396163353532393532343561383966353438
35376336613133633261656364623436643939323166373362346230316336343166663762636336
31396465366263633435616463396530343830393361323738616330393766656237373862323066
66663337366137363362383934373763373634363763633538363461316134616530386131316261
64643862373831343234356532376265633362633961313163333738353730643237316539333234
61343738656138353264376465636332376562303631643665636539323439373764393239353837
63613264653064333537363436383861656430383430366462323764636564643264633962336162
63643532626333656132393362376131396535623762646132356637343738633130303936663038
64643337373232356238616233343564316134343939326135653164613536646336353965323762
39346463353130376335346165346235366538356137646366383336313630653366336165613530
36653962326265643962653464623061376432636632343732616637393963663937383932313138
35353837373261646161663838633862663333656237353733303033663364373237623765393661
36333662373237646466333062306133303637363862333839653663346530353162356562343134
30326461343432653332396464333062666536623964363465663639643464393437646638326537
33323830633235313030616139363663373565343836616530623732316133613035626430363839
30613733656563323034383061303837323338393866363364393832306139396337323636613032
30383966663765303564356263363038383864613965306163326432323663396134326431353732
39663130346337323464396634623831626466616361343834656238326138666266363861306339
61393334646432373038373235363735623733346635653934303135346534343133653762613362
39643632663337326232316162396463663638303863616635633737326166313933396337376433
38383731373536316361303430313730656364633032396135356665366538623032656234343436
38653935636565313237326631383135366261363064613937306135643336343636386165626137
34346161366564323131343538316338633162333434646666666334316439653434623237393737
65613231316165666330373734366234646366313131633030373839353733323936336461366665
39643161373963646130656636326130613131316263333632356338303863343739313232626530
36343165396239616662386263363238393130333431303230303831653130343031353263623039
37393766616232363465356437366639396264313062643935363437373636623566343463303736
39393166323638663032633064646638306230313061626366306439353236623862393837366666
37303366333861643664383662303433353263303831313636653933366137623033656139373338
39646564373762303238346665373732633534333137376231666262623862333361636236386263
62383538343361363132616231663233323562323964383964346531343530643965366439393163
65383534356234383162656138313763613636323439386234386463336139653233323862633739
30613837363135666564393834383233353937346163303764393131663863396631373232616237
38373865383832356536343633373764313839626233666130323364303632323066636661353764
65636138646335313831313032653163633831373736653036326136353239613463376262333530
39383434643538316163643934396265353962616537633161663233633966656265646563373333
63626533333030353434316364653833333161366663343030326636313530316430356363396434
346338653161323532663932626435323866
66313066303030333063353236313063303262626561316535646263633936336534356437353265
3432356362393665303438333166643066666164363861610a643434356531666366393936353233
37353036656435616361613164323038663364666464373964653337396465373061666533373938
6536323936393135370a666134613830306533623365363933376631313534326265666634366235
36623637383636396437333735336238343434353733303764326237303033303562353237353165
31653866633363623764353533356262643239613531643039393335313731383038343638663830
36356139336363343437666230656366636132613531613339353962373435643563313734646135
61613330323938363063313430343738306536636233353963636665393132643162303562666531
61343365326634303730656133633632353936386431303631363731313730666132656334353731
33616537313230666462653165643535386134663166346262363535383365616431613838383863
65326163303966373938653033613238326634393166643630316230613065353437306237313933
65366131396266393236373162343866383565633030356465613461353131643562343630336566
30633534636634616666616462383136373830623137396366626639373230373834316563343464
38303333366166323238346237646165383633383264333431663530326462323432366332333630
62633132666439313034616465663861323064646564303963633565353734353665313138373636
34653639353333373737613238626535356333633833363737646330643163326131386364646365
64356435636635663737376239313236356361363061313731626230366336326535663866373231
37623262613135636538343934336262633662383266653238613965356639626339303437306633
38373837653737313465376231363637353561303937336138343465376638326163643065336462
61633236373737363633646135396565303835643336393763393933613964663435306336346636
38316231383363616533616437366362376664393135623765646330323161366134323263376466
31386332333565643764343863353039313466643962373736643533666562353766383862326134
31633366636365313231366337313334333130373833656135396262373136393135353039623739
63626463636237633963323739303961663632376330336236663134666461383965303861333835
38663337393930383834653936636365663966333033346562356331306430306338333761353762
38363733356262363161353135633836336363376232326261623264623338663230663838386330
35353762393839646338366365313763346339666433306532353530353261363838356639623436
62306437616630663039653862393466353933333763386163373035373335343834663439633039
34613463303436366631396462363866656533343063356265333539353038326637613063326164
62663833363165643436343538666565386561383335393964313839626237623031343564656632
35613534636437306463373466653431336562303132313462326233663561343837323331353035
33303336356237306464363564666136633230396635623066376564373737353335356432343231
66633735316466633039663338316566343739373664316335366462356237366139363731643366
33353039373665333232383235303932623435366638313465396333316565646134343463336330
65306334623631386364353364313638643930306265343363666366663164643435333834376439
64396434366362343733323366343232653930646565313762376436663965626562636238623066
63303236326362323966666630343136336563343564393833636465333832396666396638653661
61323561393563326437386462656266303830353730313839613136656331323938616631386235
30633730303838313038313263363363633136623861326662623366613461343133356261633030
34333732343037396131343764366535343639326333353036353038656533333339306363653435
39656166393265356338656631353065653630303237663761386332323530663966343864663438
65356365386131333236396234623537323062363539383061323832363563326435306465663234
66316638376436613265353662646264666138666165343763393330613765346163356138616633
66373338393163333435666236386239663735653135386532633135646539316665313036323763
38666464363432656534313263306266323066646133353765386463343264633131633936373036
31326138633131393962633861333036373537366163613562383033336333616130636435326331
66653766653065306164613335623933616135393335383438356337633239363131303237653566
62636263383236656136376237646363363234363232643636623333396531363461303538373662
36313537393238626337613964623731666261316366346666323261386661643035353164613637
32303061336363306335306431613263646266303038323739636662326465303961616339333461
65626263366333333562386461636231636438623966626136663932303035343531363234356663
37313661353764343764396666633666613238323638646233353138383638353938303933396431
65366564353533363039383838313562663561633434393833636365303561333534393930653630
63663464613334623864313663383630353166363862373132343532393135313666626464376436
34616566663764363566663530646638363338653538353661393835383035346236646233363564
34656165303737326261353032363435333731363031343366353863313138653865346535636564
31393134336534616161303132353764343833636465356661376638633163643739383830616534
65386262663734356134303039623265303935363764623537326565633030613465666435636232
61623334393734616262613232306339396639643636373762653738333463616361653430656438
63316265303634323033303330353232636136333863366261656532383065313334386335666636
34303564636333356364663565333932343064333266383638663365366636643866353132373966
66336563346233656531643735663062393630616537656264323136353266623161353261333239
33636563376566333331366336353338343730383962653138636535623039643461303763333961
63373264333037653563643937373664373665343136396635316634613632653232353033666266
31333064623765326536386630353435333438326232633565663531303730636530386564366633
63326335333639376266396562343838636430643664303737373565363635643037616231393665
36636337633564373561343266666632656235646662633965663733383731633832373334646335
34396163636635633637393834396566663062633135383330396564656536333330623737636332
36646362623131366166626639386238616566323135323334636638393934663336663532306336
38396634393433623963316261303061616634333566306239366666373238376466633166623464
33313538663838373465626638316432613135386262376233633362616463623363646433353666
32633838303837656335333336353564343461373236353736623032663139333338646463323533
65326131616433666563343163663462393235366135633661366564623662303932626164366632
38306430356238633162656337303536663065653639353562343965663366373861646162653562
62306236326163393336643232663336656637623539353835613536653164393038623966316433
32623462343037616465623736306530633736623061343430356638633530313331306363323837
63396263393136363137643632623938316363386238346237333862303735363065386633366263
31313834646239323631393335633534383930373630663538653864383930666465653731616263
35333830633430343436646266663231303466343138643338343634346133613666613734313037
34383931643631633539346262653631336565623366343564303332333831346436373162356362
66383864313732303962653662333036373239343335623765616536306465623030393138663838
30313861636631393462653836626164373034666533323338383262393132396436666639363262
39356132343939366534666665393231346566663432653236376333323363643166393431316161
33343666316138353333346263346266343731613065356631336231373266343338393939663038
35343235393563623434313266306163323266346662623063353631663433646436613130636663
38356335616438633638383236333131663163613436303934386335363432323063303234383331
34636432653262643438653931313233626462623034346137303738643932353334373531303439
30366233373535343431373365393566383538363763313036623262343066346236303061326631
64376463336538363132656464666365343861393330313637356237666361343666633436346534
33636332386336646333616330613738343264626438613135313962336534373130316330366233
30316333636564326165663565666361643430656366393939616538323530383632636661326331
35366663646533313034333764626237623637363164356163636432653765656439326438383134
62623638633934336334393636333336633164343066336161333138653637333435306230653865
35363032393633623331363933373463623032333361616365373037666333643634343963663835
34363033363731346663643363383965336536353332646262326136353965353137383737336165
33613733656463376333376264633935373239363337323538356636636439393564373332323031
31623733663530326632373235313830396133373430613061613438653336653462316336623438
30343032346133363830656231663966653734326635333831626639393666303033653437326238
65333566643066393331323466366662383135383734313537663664376161323265613436653535
63643832616663303632623433636161333339376635333635626137326662396562633830343337
65376165376564396433343736313134656332383533356138383039386266636238613936653962
32373337346335383136303838343034376432363436356465613836366230313463303239373531
65383334646431346565656638353537333765623430333133663663326134646566306137643663
65643338386439666636376461356466396261326165333030623633613364343631343830653939
64323266626131666332666433386434313936306361633164373532626231366234623735333932
62306362346164336433336139313561366162303666353635653634396139313734626463663735
38306466626237626634666138363665326636316563356431333432313534363638613833613539
38306237353764376462323238663034646662393433623830616361623735343162666465626230
30633731323939633265323338373537383261333235303262633336636433316339383433653861
3861653261646632636364623830626561393864666135346634

49
host_vars/web20 Normal file
View File

@ -0,0 +1,49 @@
$ANSIBLE_VAULT;1.1;AES256
30313139316131383630353236343338323465653163323838616464396137656365393639613766
3733323562386139353933626339663039653437363037350a356263643762313634613736356363
30383534346664353030346233653163616330376562346164613731346566393330623165306234
3833306632616536650a386239363931326463663665346363313462646464646632643961343631
63393164366163353461633038653833623963363233396464663839653330386231303461636564
39613265343765323636373736646462333665303333373737633632346465343439386335623334
35333933363966623730643632313361356661303562393535646230626639363335623861323033
32356664663539343262336535623233326234356463373031356361633536366430346338393831
34666232373761643430356662653431646661646165663134633135663933616262393763356133
61323063383036313166643866303136656164386239326437303238623338306433633762303630
39396438396639666433376533333765313431383862383031333031616334656136643262636438
65626565333939616631336237633063396430376434626437313666646165333239376463383837
64656635343661353735666666306134653530303033326662613230663061613034383461326534
65306131326634643732326530336136623731663336656138383635383730653633373737386335
31316136643634613536366439393565633964643735333336613865366138396539663534646435
61626530353836366337643062366532323538326161633137353336626537633739393464646632
32343730356362393336313535303034363531373961616265623934393161306261663562653464
63336164366531636130343939353235343261316534613665316363346266396332633763346536
65633038366530356138373661306234316161343762343638366639653132333438613766343939
61316232386465643236326430396130333831666363313032623537383032646663396239663338
38313939306465353033663066633435626635353138336330336333616231363634653665386532
65326463663933343966356437353433313565316139366365323934643131346636323737626437
36343435643231366663323134656561666133303030383734316237386532396662366461646365
38303434363763363866383761386535383262323432333730323236353439653163613966333032
39306533333132373736313834326464643134393432303537643835336438393461663233333239
32333365663337653436303662393263366161326465663036373934373764363438656436666232
32326134393161656133613266633966396663353631616537363361396537623164373964636666
61613731306333303336316337343635316134363431646433333932633336363065393637343030
39366537656430663932616335323661316533643763643161613463646363656232346333303331
38363234333261653135316266313736366439343138666165366533353035613731633466396363
31663166336431653461663463383333623664356365396230353130386138363261356331663965
66636338336466366132633437396535643736333733633430373964343533366338666532346263
38353233303437663339616532636662373761393461666439663133373633653139613531393738
32383937373833323938356333343963306534633734393162363965356163643862643037636231
65366461663161353939633866323162613761663836626232346236343263386364303233313161
32313265366562313731656630393166336662616661313964666661616439343265383566383332
33386266366534383934363839636636316532613133636664323136373130363534333531613663
35333964626634643135663639373339626335643366333766386631363439393435626439636166
37616339313336656634393538323935383964343437646433636636383061366437386330643334
34383237353036396563643730373663383165623633326336313031326435623538376130393130
64636538663963303938623866626431313238646465633437333863363865666435636564323764
39303638663830656162393836366262663161633763656630663434386435643462353661353035
63336461333464363838313765653037393964633536636435666162346461633561386364333966
32623761373435366665363239626632646364323934383163346637356562653332373536343462
31323036356132373930656364393061306130353632623661663032343230633635336664376134
38363239396139333230346138386337313364353934396362373233376266383537346431653234
34323835306165613739383336303964656565373636343639303831386466623031396665343234
33373164663339653839

13699
roles/common/files/abusers-ipv4.xml
View File

File diff suppressed because it is too large Load Diff

9
roles/common/files/abusers-ipv6.xml
View File

@ -3,9 +3,12 @@
<option name="family" value="inet6" />
<short>abusers-ipv6</short>
<description>A list of abusive IPv6 addresses.</description>
<entry>2001:41d0:a:3307::</entry>
<entry>2001:41d0:1:f934::1</entry>
<entry>2001:41d0:602:238d::</entry>
<entry>2001:41d0:a:2a31::</entry>
<entry>2400:6180:0:d1::476:7001</entry>
<entry>2402:1f00:8001:8bd::</entry>
<entry>2604:a880:800:10::5bf:2001</entry>
<entry>2607:5300:120:878::</entry>
<entry>2a03:b0c0:3:d0::d4d:b001</entry>
<entry>2a00:d680:20:50::bcb2</entry>
<entry>2a02:2168:a01:33ee::1</entry>
</ipset>

15
roles/common/tasks/firewall_Alpine.yml Normal file
View File

@ -0,0 +1,15 @@
---
# TODO: configure awall (ipsets?)
# TODO: configure fail2ban
- block:
- name: Set Alpine firewall packages
set_fact:
alpine_firewall_packages:
- awall
- fail2ban
- name: Install Alpine firewall packages
apk: name={{ alpine_firewall_packages }} state=present
# vim: set sw=2 ts=2:

5
roles/common/tasks/main.yml
View File

@ -17,6 +17,11 @@
when: ansible_distribution == 'Ubuntu'
tags: packages
- name: Install common packages
include_tasks: packages_Alpine.yml
when: ansible_distribution == 'Alpine'
tags: packages
- name: Configure firewall
include_tasks: firewall_Debian.yml
when: ansible_distribution == 'Debian'

5
roles/common/tasks/ntp.yml
View File

@ -1,6 +1,7 @@
---
# Hosts running Ubuntu 16.04+ and Debian 9+ use systemd init system and should
# use timedatectl as a network time client instead of the standalone ntp client.
# Alpine can use chrony.
- name: Set timezone
when: timezone is defined and ansible_service_mgr == 'systemd'
@ -15,4 +16,8 @@
apt: name=ntp state=absent update_cache=yes
when: ansible_service_mgr == 'systemd'
- name: Install chronyd on Alpine
apt: name=chrony state=present
when: ansible_distribution == 'Alpine'
# vim: set ts=2 sw=2:

28
roles/common/tasks/packages_Alpine.yml Normal file
View File

@ -0,0 +1,28 @@
---
# requires: ansible-galaxy collection install community.general
# TODO: configure tarsnap
- block:
- name: Upgrade base OS
apk: upgrade=yes update_cache=yes
- name: Set Alpine base packages
set_fact:
alpine_base_packages:
- git
- tmux
- htop
- strace
- mosh
- vim
- unzip
- zstd
- name: Install Alpine base packages
apk: name={{ alpine_base_packages }} state=present update_cache=yes
#- name: Install tarsnap
# import_tasks: tarsnap.yml
tags: packages
# vim: set sw=2 ts=2:

15
roles/mariadb/defaults/main.yml
View File

@ -2,11 +2,10 @@
# file: roles/mariadb/defaults/main.yml
#
# Based on my running of mysqltuner.pl on a host with three WordPress databases
# and a Piwik instance monitoring three sites.
#
# default is 128MB but is a waste because it seems only the mysql table uses it
key_buffer_size: 32M
key_buffer_size: 8M
# default is 128MB but is a waste because it seems only information_schema uses
# AriaDB, see: https://mariadb.com/kb/en/mariadb/aria-system-variables
@ -15,10 +14,6 @@ aria_pagecache_buffer_size: 8M
# default is 128M, but set to at least the size of your InnoDB data
innodb_buffer_pool_size: 256M
# Unless you have a pool size over 1GB, use a single instance
# See: https://mariadb.com/kb/en/mariadb/xtradbinnodb-server-system-variables
innodb_buffer_pool_instances: 1
# Ansible 2.7.x with PyMySQL seems to default to TCP connection so we should
# force it to use a Unix socket.
# See: https://github.com/ansible/ansible/issues/47736
@ -27,4 +22,12 @@ mariadb_login_unix_socket: /var/run/mysqld/mysqld.sock
# default is 100 but the max I've seen used is 5, so let's reduce it
max_connections: 33
# disable the query cache by default
query_cache_size: 0
query_cache_type: 0
# mysqltuner says we should use larger than 32M on our setup
tmp_table_size: 64M
max_heap_table_size: 64M
# vim: set ts=2 sw=2:

4
roles/mariadb/handlers/main.yml
View File

@ -1,5 +1,5 @@
---
- name: restart mysql
systemd: name=mysql state=restarted
- name: restart mariadb
systemd: name=mariadb state=restarted
# vim: set ts=2 sw=2:

8
roles/mariadb/tasks/main.yml
View File

@ -1,10 +1,10 @@
---
- name: Add GPG key for MariaDB repo
apt_key: id=0x177F4010FE56CA3336300305F1656F24C74CD1D8 url=https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x177F4010FE56CA3336300305F1656F24C74CD1D8
apt_key: id=0x177F4010FE56CA3336300305F1656F24C74CD1D8 url=https://mariadb.org/mariadb_release_signing_key.asc
register: add_mariadb_apt_key
tags: mariadb, packages
- name: Add MariaDB 10.4 repo
- name: Add MariaDB 10.5 repo
template: src=mariadb.list.j2 dest=/etc/apt/sources.list.d/mariadb.list owner=root group=root mode=0644
register: add_mariadb_apt_repository
tags: mariadb, packages
@ -26,7 +26,7 @@
- name: Create system my.cnf
template: src=my.cnf.j2 dest=/etc/mysql/my.cnf owner=root group=root mode=0644
notify:
- restart mysql
- restart mariadb
tags: mariadb
# 'localhost' needs to be the last item for idempotency, see
@ -51,7 +51,7 @@
tags: mariadb
- name: Create MariaDB user(s)
mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL state=present
mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present
loop: "{{ mariadb_databases }}"
when: mariadb_databases is defined
tags: mariadb

2
roles/mariadb/templates/mariadb.list.j2
View File

@ -1,3 +1,3 @@
{{ ansible_managed | comment }}
deb [arch=amd64] http://mirror.23media.de/mariadb/repo/10.4/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main
deb [arch=amd64] http://mirror.23media.de/mariadb/repo/10.5/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main

15
roles/mariadb/templates/my.cnf.j2
View File

@ -47,6 +47,10 @@ skip-external-locking
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
# don't resolve connection IPs to hostnames (make sure user accounts are using
# IPs instead of "localhost")
skip-name-resolve=1
#
# * Fine Tuning
#
@ -57,8 +61,8 @@ max_allowed_packet = 16M
thread_cache_size = 128
sort_buffer_size = 4M
bulk_insert_buffer_size = 16M
tmp_table_size = 32M
max_heap_table_size = 32M
tmp_table_size = {{ tmp_table_size }}
max_heap_table_size = {{ max_heap_table_size }}
#
# * MyISAM
#
@ -75,11 +79,9 @@ read_rnd_buffer_size = 1M
#
# * Query Cache Configuration
#
# Cache only tiny result sets, so we can fit more in the query cache.
query_cache_limit = 128K
query_cache_size = 64M
# for more write intensive setups, set to DEMAND or OFF
#query_cache_type = DEMAND
query_cache_size = {{ query_cache_size }}
query_cache_type = {{ query_cache_type }}
#
# * Logging and Replication
#
@ -141,7 +143,6 @@ innodb_file_per_table = 1
innodb_open_files = 400
innodb_io_capacity = 400
innodb_flush_method = O_DIRECT
innodb_buffer_pool_instances = {{ innodb_buffer_pool_instances }}
aria_pagecache_buffer_size = {{ aria_pagecache_buffer_size }}
#

4
roles/php-fpm/tasks/Debian_10.yml
View File

@ -9,9 +9,6 @@
- php-mysql
- php-gd
- php-curl
# for Piwik
- php-mbstring
- php-xml
- name: Install php-fpm and deps
apt: name={{ php_fpm_packages }} state=present update_cache=yes
@ -32,5 +29,6 @@
template: src=php7.3-php.ini.j2 dest=/etc/php/7.3/fpm/php.ini owner=root group=root mode=0644
notify: reload php7.3-fpm
tags: php-fpm
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
# vim: set ts=2 sw=2:

4
roles/php-fpm/tasks/Ubuntu_18.04.yml
View File

@ -9,9 +9,6 @@
- php-mysql
- php-gd
- php-curl
# for Piwik
- php-mbstring
- php-xml
- name: Install php-fpm and deps
apt: name={{ php_fpm_packages }} state=present update_cache=yes
@ -32,5 +29,6 @@
template: src=php7.2-php.ini.j2 dest=/etc/php/7.2/fpm/php.ini owner=root group=root mode=0644
notify: reload php7.2-fpm
tags: php-fpm
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
# vim: set ts=2 sw=2:

4
roles/php-fpm/tasks/Ubuntu_20.04.yml
View File

@ -9,9 +9,6 @@
- php-mysql
- php-gd
- php-curl
# for Piwik
- php-mbstring
- php-xml
- name: Install php-fpm and deps
apt: name={{ php_fpm_packages }} state=present update_cache=yes
@ -32,5 +29,6 @@
template: src=php7.4-php.ini.j2 dest=/etc/php/7.4/fpm/php.ini owner=root group=root mode=0644
notify: reload php7.4-fpm
tags: php-fpm
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
# vim: set ts=2 sw=2:

10
vars/Alpine.yml Normal file
View File

@ -0,0 +1,10 @@
---
# sshd service name is `ssh` on Debian/Ubuntu, but it's
# `sshd` on CentOS and Alpine
sshd_service_name: sshd
# provisioning user vars
provisioning_user: { name: 'provisioning', home: '/home/provisioning' }
# vim: set ts=2 sw=2:

2
web.yml
View File

@ -6,7 +6,7 @@
become: yes
roles:
- common
- mariadb
- { role: mariadb, when: mariadb_databases is defined}
- nginx
- php-fpm
- munin