
Various fixes: noreply mail account, Commento, Fathom, Postgres.

Thomas Buck 3 vuotta sitten
vanhempi
commit
029bbca332

+ 1
- 1
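--- a/roles/blog/templates/etc_systemd_system_commento.j2
+++ b/roles/blog/templates/etc_systemd_system_commento.j2
@@ -18,7 +18,7 @@ Environment=COMMENTO_BIND_ADDRESS=127.0.0.1
 Environment=COMMENTO_SMTP_HOST={{ domain }}
 Environment=COMMENTO_SMTP_PORT=587
 Environment=COMMENTO_SMTP_USERNAME=noreply@{{ domain }}
-Environment=COMMENTO_SMTP_PASSWORD={{ lookup('password', secret + '/' + 'mail_noreply_password length=20') }}
+Environment=COMMENTO_SMTP_PASSWORD={{ lookup('password', secret + '/' + 'mail_noreply_password length=20 chars=ascii_lowercase,ascii_uppercase,digits') }}
 Environment=COMMENTO_SMTP_FROM_ADDRESS=noreply@{{ domain }}
 Environment=COMMENTO_FORBID_NEW_OWNERS=false
 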
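Review bot: `Environment=COMMENTO_SMTP_PASSWORD=…` still bakes the SMTP secret into the unit file itself, so anyone who can read /etc/systemd/system (unit files are typically installed world-readable) or run `systemctl show commento` can recover it; narrowing the character set does not change that exposure. Move the secret-bearing lines into a root-owned 0600 file and point the unit at it with `EnvironmentFile=/etc/commento/secrets.env` (or `LoadCredential=` on systemd 247+), keeping only non-secret settings in the unit. Be aware that Ansible's password lookup only generates when the file under `secret` does not exist yet, so adding `chars=…` will not replace an already-generated password; if the old value contained characters that systemd mangles, that file has to be removed once to rotate it, which is worth recording in a comment above this line. The unit's other sections lie outside this hunk.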

+ 1
- 1
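--- a/roles/blog/templates/home_user_fathom-stats_env.j2
+++ b/roles/blog/templates/home_user_fathom-stats_env.j2
@@ -2,7 +2,7 @@ FATHOM_SERVER_ADDR={{ fathom_internal_port }}
 FATHOM_GZIP=true
 FATHOM_DEBUG=false
 FATHOM_DATABASE_DRIVER="postgres"
-FATHOM_DATABASE_SSLMODE="require"
+FATHOM_DATABASE_SSLMODE="disable"
 FATHOM_DATABASE_NAME="{{ fathom_db_database }}"
 FATHOM_DATABASE_USER="{{ fathom_db_username }}"
 FATHOM_DATABASE_PASSWORD="{{ fathom_db_password }}"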
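Review bot: `FATHOM_DATABASE_SSLMODE="disable"` turns off transport encryption for the database connection outright, so the credential on the `FATHOM_DATABASE_PASSWORD` line below and all analytics traffic travel in cleartext; that is only acceptable if the database host (set outside this hunk) is loopback or a Unix socket, and nothing in the file records that assumption. If the downgrade was forced by the server side — the postgresql.conf added in this same commit leaves `#ssl = on` commented out, which drops `ssl` to PostgreSQL's built-in default of off unless a conf.d drop-in re-enables it — the cleaner fix is `ssl = on` on the server and `FATHOM_DATABASE_SSLMODE="require"` kept here. If local-only is the intent, say so with a template comment that is stripped at render time, e.g. `{# DB is reached over loopback only; TLS intentionally off, see roles/common postgresql.conf #}`.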

+ 781
- 0
roles/common/files/etc_postgresql_13_main_postgresql.conf Näytä tiedosto

@@ -0,0 +1,781 @@
1
+# -----------------------------
2
+# PostgreSQL configuration file
3
+# -----------------------------
4
+#
5
+# This file consists of lines of the form:
6
+#
7
+#   name = value
8
+#
9
+# (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
10
+# "#" anywhere on a line.  The complete list of parameter names and allowed
11
+# values can be found in the PostgreSQL documentation.
12
+#
13
+# The commented-out settings shown in this file represent the default values.
14
+# Re-commenting a setting is NOT sufficient to revert it to the default value;
15
+# you need to reload the server.
16
+#
17
+# This file is read on server startup and when the server receives a SIGHUP
18
+# signal.  If you edit the file on a running system, you have to SIGHUP the
19
+# server for the changes to take effect, run "pg_ctl reload", or execute
20
+# "SELECT pg_reload_conf()".  Some parameters, which are marked below,
21
+# require a server shutdown and restart to take effect.
22
+#
23
+# Any parameter can also be given as a command-line option to the server, e.g.,
24
+# "postgres -c log_connections=on".  Some parameters can be changed at run time
25
+# with the "SET" SQL command.
26
+#
27
+# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
28
+#                MB = megabytes                     s   = seconds
29
+#                GB = gigabytes                     min = minutes
30
+#                TB = terabytes                     h   = hours
31
+#                                                   d   = days
32
+
33
+
34
+#------------------------------------------------------------------------------
35
+# FILE LOCATIONS
36
+#------------------------------------------------------------------------------
37
+
38
+# The default values of these variables are driven from the -D command-line
39
+# option or PGDATA environment variable, represented here as ConfigDir.
40
+
41
+data_directory = '/var/lib/postgresql/13/main'		# use data in another directory
42
+					# (change requires restart)
43
+hba_file = '/etc/postgresql/13/main/pg_hba.conf'	# host-based authentication file
44
+					# (change requires restart)
45
+ident_file = '/etc/postgresql/13/main/pg_ident.conf'	# ident configuration file
46
+					# (change requires restart)
47
+
48
+# If external_pid_file is not explicitly set, no extra PID file is written.
49
+external_pid_file = '/var/run/postgresql/13-main.pid'			# write an extra PID file
50
+					# (change requires restart)
51
+
52
+
53
+#------------------------------------------------------------------------------
54
+# CONNECTIONS AND AUTHENTICATION
55
+#------------------------------------------------------------------------------
56
+
57
+# - Connection Settings -
58
+
59
+#listen_addresses = 'localhost'		# what IP address(es) to listen on;
60
+					# comma-separated list of addresses;
61
+					# defaults to 'localhost'; use '*' for all
62
+					# (change requires restart)
63
+port = 5432				# (change requires restart)
64
+max_connections = 100			# (change requires restart)
65
+#superuser_reserved_connections = 3	# (change requires restart)
66
+unix_socket_directories = '/var/run/postgresql'	# comma-separated list of directories
67
+					# (change requires restart)
68
+#unix_socket_group = ''			# (change requires restart)
69
+#unix_socket_permissions = 0777		# begin with 0 to use octal notation
70
+					# (change requires restart)
71
+#bonjour = off				# advertise server via Bonjour
72
+					# (change requires restart)
73
+#bonjour_name = ''			# defaults to the computer name
74
+					# (change requires restart)
75
+
76
+# - TCP settings -
77
+# see "man tcp" for details
78
+
79
+#tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
80
+					# 0 selects the system default
81
+#tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
82
+					# 0 selects the system default
83
+#tcp_keepalives_count = 0		# TCP_KEEPCNT;
84
+					# 0 selects the system default
85
+#tcp_user_timeout = 0			# TCP_USER_TIMEOUT, in milliseconds;
86
+					# 0 selects the system default
87
+
88
+# - Authentication -
89
+
90
+#authentication_timeout = 1min		# 1s-600s
91
+#password_encryption = md5		# md5 or scram-sha-256
92
+#db_user_namespace = off
93
+
94
+# GSSAPI using Kerberos
95
+#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
96
+#krb_caseins_users = off
97
+
98
+# - SSL -
99
+
100
+#ssl = on
101
+#ssl_ca_file = ''
102
+#ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
103
+#ssl_crl_file = ''
104
+#ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
105
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
106
+#ssl_prefer_server_ciphers = on
107
+#ssl_ecdh_curve = 'prime256v1'
108
+#ssl_min_protocol_version = 'TLSv1.2'
109
+#ssl_max_protocol_version = ''
110
+#ssl_dh_params_file = ''
111
+#ssl_passphrase_command = ''
112
+#ssl_passphrase_command_supports_reload = off
113
+
114
+
115
+#------------------------------------------------------------------------------
116
+# RESOURCE USAGE (except WAL)
117
+#------------------------------------------------------------------------------
118
+
119
+# - Memory -
120
+
121
+shared_buffers = 128MB			# min 128kB
122
+					# (change requires restart)
123
+#huge_pages = try			# on, off, or try
124
+					# (change requires restart)
125
+#temp_buffers = 8MB			# min 800kB
126
+#max_prepared_transactions = 0		# zero disables the feature
127
+					# (change requires restart)
128
+# Caution: it is not advisable to set max_prepared_transactions nonzero unless
129
+# you actively intend to use prepared transactions.
130
+#work_mem = 4MB				# min 64kB
131
+#hash_mem_multiplier = 1.0		# 1-1000.0 multiplier on hash table work_mem
132
+#maintenance_work_mem = 64MB		# min 1MB
133
+#autovacuum_work_mem = -1		# min 1MB, or -1 to use maintenance_work_mem
134
+#logical_decoding_work_mem = 64MB	# min 64kB
135
+#max_stack_depth = 2MB			# min 100kB
136
+#shared_memory_type = mmap		# the default is the first option
137
+					# supported by the operating system:
138
+					#   mmap
139
+					#   sysv
140
+					#   windows
141
+					# (change requires restart)
142
+dynamic_shared_memory_type = posix	# the default is the first option
143
+					# supported by the operating system:
144
+					#   posix
145
+					#   sysv
146
+					#   windows
147
+					#   mmap
148
+					# (change requires restart)
149
+
150
+# - Disk -
151
+
152
+#temp_file_limit = -1			# limits per-process temp file space
153
+					# in kilobytes, or -1 for no limit
154
+
155
+# - Kernel Resources -
156
+
157
+#max_files_per_process = 1000		# min 64
158
+					# (change requires restart)
159
+
160
+# - Cost-Based Vacuum Delay -
161
+
162
+#vacuum_cost_delay = 0			# 0-100 milliseconds (0 disables)
163
+#vacuum_cost_page_hit = 1		# 0-10000 credits
164
+#vacuum_cost_page_miss = 10		# 0-10000 credits
165
+#vacuum_cost_page_dirty = 20		# 0-10000 credits
166
+#vacuum_cost_limit = 200		# 1-10000 credits
167
+
168
+# - Background Writer -
169
+
170
+#bgwriter_delay = 200ms			# 10-10000ms between rounds
171
+#bgwriter_lru_maxpages = 100		# max buffers written/round, 0 disables
172
+#bgwriter_lru_multiplier = 2.0		# 0-10.0 multiplier on buffers scanned/round
173
+#bgwriter_flush_after = 512kB		# measured in pages, 0 disables
174
+
175
+# - Asynchronous Behavior -
176
+
177
+#effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
178
+#maintenance_io_concurrency = 10	# 1-1000; 0 disables prefetching
179
+#max_worker_processes = 8		# (change requires restart)
180
+#max_parallel_maintenance_workers = 2	# taken from max_parallel_workers
181
+#max_parallel_workers_per_gather = 2	# taken from max_parallel_workers
182
+#parallel_leader_participation = on
183
+#max_parallel_workers = 8		# maximum number of max_worker_processes that
184
+					# can be used in parallel operations
185
+#old_snapshot_threshold = -1		# 1min-60d; -1 disables; 0 is immediate
186
+					# (change requires restart)
187
+#backend_flush_after = 0		# measured in pages, 0 disables
188
+
189
+
190
+#------------------------------------------------------------------------------
191
+# WRITE-AHEAD LOG
192
+#------------------------------------------------------------------------------
193
+
194
+# - Settings -
195
+
196
+#wal_level = replica			# minimal, replica, or logical
197
+					# (change requires restart)
198
+#fsync = on				# flush data to disk for crash safety
199
+					# (turning this off can cause
200
+					# unrecoverable data corruption)
201
+#synchronous_commit = on		# synchronization level;
202
+					# off, local, remote_write, remote_apply, or on
203
+#wal_sync_method = fsync		# the default is the first option
204
+					# supported by the operating system:
205
+					#   open_datasync
206
+					#   fdatasync (default on Linux and FreeBSD)
207
+					#   fsync
208
+					#   fsync_writethrough
209
+					#   open_sync
210
+#full_page_writes = on			# recover from partial page writes
211
+#wal_compression = off			# enable compression of full-page writes
212
+#wal_log_hints = off			# also do full page writes of non-critical updates
213
+					# (change requires restart)
214
+#wal_init_zero = on			# zero-fill new WAL files
215
+#wal_recycle = on			# recycle WAL files
216
+#wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
217
+					# (change requires restart)
218
+#wal_writer_delay = 200ms		# 1-10000 milliseconds
219
+#wal_writer_flush_after = 1MB		# measured in pages, 0 disables
220
+#wal_skip_threshold = 2MB
221
+
222
+#commit_delay = 0			# range 0-100000, in microseconds
223
+#commit_siblings = 5			# range 1-1000
224
+
225
+# - Checkpoints -
226
+
227
+#checkpoint_timeout = 5min		# range 30s-1d
228
+max_wal_size = 1GB
229
+min_wal_size = 80MB
230
+#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
231
+#checkpoint_flush_after = 256kB		# measured in pages, 0 disables
232
+#checkpoint_warning = 30s		# 0 disables
233
+
234
+# - Archiving -
235
+
236
+#archive_mode = off		# enables archiving; off, on, or always
237
+				# (change requires restart)
238
+#archive_command = ''		# command to use to archive a logfile segment
239
+				# placeholders: %p = path of file to archive
240
+				#               %f = file name only
241
+				# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
242
+#archive_timeout = 0		# force a logfile segment switch after this
243
+				# number of seconds; 0 disables
244
+
245
+# - Archive Recovery -
246
+
247
+# These are only used in recovery mode.
248
+
249
+#restore_command = ''		# command to use to restore an archived logfile segment
250
+				# placeholders: %p = path of file to restore
251
+				#               %f = file name only
252
+				# e.g. 'cp /mnt/server/archivedir/%f %p'
253
+				# (change requires restart)
254
+#archive_cleanup_command = ''	# command to execute at every restartpoint
255
+#recovery_end_command = ''	# command to execute at completion of recovery
256
+
257
+# - Recovery Target -
258
+
259
+# Set these only when performing a targeted recovery.
260
+
261
+#recovery_target = ''		# 'immediate' to end recovery as soon as a
262
+                                # consistent state is reached
263
+				# (change requires restart)
264
+#recovery_target_name = ''	# the named restore point to which recovery will proceed
265
+				# (change requires restart)
266
+#recovery_target_time = ''	# the time stamp up to which recovery will proceed
267
+				# (change requires restart)
268
+#recovery_target_xid = ''	# the transaction ID up to which recovery will proceed
269
+				# (change requires restart)
270
+#recovery_target_lsn = ''	# the WAL LSN up to which recovery will proceed
271
+				# (change requires restart)
272
+#recovery_target_inclusive = on # Specifies whether to stop:
273
+				# just after the specified recovery target (on)
274
+				# just before the recovery target (off)
275
+				# (change requires restart)
276
+#recovery_target_timeline = 'latest'	# 'current', 'latest', or timeline ID
277
+				# (change requires restart)
278
+#recovery_target_action = 'pause'	# 'pause', 'promote', 'shutdown'
279
+				# (change requires restart)
280
+
281
+
282
+#------------------------------------------------------------------------------
283
+# REPLICATION
284
+#------------------------------------------------------------------------------
285
+
286
+# - Sending Servers -
287
+
288
+# Set these on the master and on any standby that will send replication data.
289
+
290
+#max_wal_senders = 10		# max number of walsender processes
291
+				# (change requires restart)
292
+#wal_keep_size = 0		# in megabytes; 0 disables
293
+#max_slot_wal_keep_size = -1	# in megabytes; -1 disables
294
+#wal_sender_timeout = 60s	# in milliseconds; 0 disables
295
+
296
+#max_replication_slots = 10	# max number of replication slots
297
+				# (change requires restart)
298
+#track_commit_timestamp = off	# collect timestamp of transaction commit
299
+				# (change requires restart)
300
+
301
+# - Master Server -
302
+
303
+# These settings are ignored on a standby server.
304
+
305
+#synchronous_standby_names = ''	# standby servers that provide sync rep
306
+				# method to choose sync standbys, number of sync standbys,
307
+				# and comma-separated list of application_name
308
+				# from standby(s); '*' = all
309
+#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
310
+
311
+# - Standby Servers -
312
+
313
+# These settings are ignored on a master server.
314
+
315
+#primary_conninfo = ''			# connection string to sending server
316
+#primary_slot_name = ''			# replication slot on sending server
317
+#promote_trigger_file = ''		# file name whose presence ends recovery
318
+#hot_standby = on			# "off" disallows queries during recovery
319
+					# (change requires restart)
320
+#max_standby_archive_delay = 30s	# max delay before canceling queries
321
+					# when reading WAL from archive;
322
+					# -1 allows indefinite delay
323
+#max_standby_streaming_delay = 30s	# max delay before canceling queries
324
+					# when reading streaming WAL;
325
+					# -1 allows indefinite delay
326
+#wal_receiver_create_temp_slot = off	# create temp slot if primary_slot_name
327
+					# is not set
328
+#wal_receiver_status_interval = 10s	# send replies at least this often
329
+					# 0 disables
330
+#hot_standby_feedback = off		# send info from standby to prevent
331
+					# query conflicts
332
+#wal_receiver_timeout = 60s		# time that receiver waits for
333
+					# communication from master
334
+					# in milliseconds; 0 disables
335
+#wal_retrieve_retry_interval = 5s	# time to wait before retrying to
336
+					# retrieve WAL after a failed attempt
337
+#recovery_min_apply_delay = 0		# minimum delay for applying changes during recovery
338
+
339
+# - Subscribers -
340
+
341
+# These settings are ignored on a publisher.
342
+
343
+#max_logical_replication_workers = 4	# taken from max_worker_processes
344
+					# (change requires restart)
345
+#max_sync_workers_per_subscription = 2	# taken from max_logical_replication_workers
346
+
347
+
348
+#------------------------------------------------------------------------------
349
+# QUERY TUNING
350
+#------------------------------------------------------------------------------
351
+
352
+# - Planner Method Configuration -
353
+
354
+#enable_bitmapscan = on
355
+#enable_hashagg = on
356
+#enable_hashjoin = on
357
+#enable_indexscan = on
358
+#enable_indexonlyscan = on
359
+#enable_material = on
360
+#enable_mergejoin = on
361
+#enable_nestloop = on
362
+#enable_parallel_append = on
363
+#enable_seqscan = on
364
+#enable_sort = on
365
+#enable_incremental_sort = on
366
+#enable_tidscan = on
367
+#enable_partitionwise_join = off
368
+#enable_partitionwise_aggregate = off
369
+#enable_parallel_hash = on
370
+#enable_partition_pruning = on
371
+
372
+# - Planner Cost Constants -
373
+
374
+#seq_page_cost = 1.0			# measured on an arbitrary scale
375
+#random_page_cost = 4.0			# same scale as above
376
+#cpu_tuple_cost = 0.01			# same scale as above
377
+#cpu_index_tuple_cost = 0.005		# same scale as above
378
+#cpu_operator_cost = 0.0025		# same scale as above
379
+#parallel_tuple_cost = 0.1		# same scale as above
380
+#parallel_setup_cost = 1000.0	# same scale as above
381
+
382
+#jit_above_cost = 100000		# perform JIT compilation if available
383
+					# and query more expensive than this;
384
+					# -1 disables
385
+#jit_inline_above_cost = 500000		# inline small functions if query is
386
+					# more expensive than this; -1 disables
387
+#jit_optimize_above_cost = 500000	# use expensive JIT optimizations if
388
+					# query is more expensive than this;
389
+					# -1 disables
390
+
391
+#min_parallel_table_scan_size = 8MB
392
+#min_parallel_index_scan_size = 512kB
393
+#effective_cache_size = 4GB
394
+
395
+# - Genetic Query Optimizer -
396
+
397
+#geqo = on
398
+#geqo_threshold = 12
399
+#geqo_effort = 5			# range 1-10
400
+#geqo_pool_size = 0			# selects default based on effort
401
+#geqo_generations = 0			# selects default based on effort
402
+#geqo_selection_bias = 2.0		# range 1.5-2.0
403
+#geqo_seed = 0.0			# range 0.0-1.0
404
+
405
+# - Other Planner Options -
406
+
407
+#default_statistics_target = 100	# range 1-10000
408
+#constraint_exclusion = partition	# on, off, or partition
409
+#cursor_tuple_fraction = 0.1		# range 0.0-1.0
410
+#from_collapse_limit = 8
411
+#join_collapse_limit = 8		# 1 disables collapsing of explicit
412
+					# JOIN clauses
413
+#force_parallel_mode = off
414
+#jit = on				# allow JIT compilation
415
+#plan_cache_mode = auto			# auto, force_generic_plan or
416
+					# force_custom_plan
417
+
418
+
419
+#------------------------------------------------------------------------------
420
+# REPORTING AND LOGGING
421
+#------------------------------------------------------------------------------
422
+
423
+# - Where to Log -
424
+
425
+#log_destination = 'stderr'		# Valid values are combinations of
426
+					# stderr, csvlog, syslog, and eventlog,
427
+					# depending on platform.  csvlog
428
+					# requires logging_collector to be on.
429
+
430
+# This is used when logging to stderr:
431
+#logging_collector = off		# Enable capturing of stderr and csvlog
432
+					# into log files. Required to be on for
433
+					# csvlogs.
434
+					# (change requires restart)
435
+
436
+# These are only used if logging_collector is on:
437
+#log_directory = 'log'			# directory where log files are written,
438
+					# can be absolute or relative to PGDATA
439
+#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
440
+					# can include strftime() escapes
441
+#log_file_mode = 0600			# creation mode for log files,
442
+					# begin with 0 to use octal notation
443
+#log_truncate_on_rotation = off		# If on, an existing log file with the
444
+					# same name as the new log file will be
445
+					# truncated rather than appended to.
446
+					# But such truncation only occurs on
447
+					# time-driven rotation, not on restarts
448
+					# or size-driven rotation.  Default is
449
+					# off, meaning append to existing files
450
+					# in all cases.
451
+#log_rotation_age = 1d			# Automatic rotation of logfiles will
452
+					# happen after that time.  0 disables.
453
+#log_rotation_size = 10MB		# Automatic rotation of logfiles will
454
+					# happen after that much log output.
455
+					# 0 disables.
456
+
457
+# These are relevant when logging to syslog:
458
+#syslog_facility = 'LOCAL0'
459
+#syslog_ident = 'postgres'
460
+#syslog_sequence_numbers = on
461
+#syslog_split_messages = on
462
+
463
+# This is only relevant when logging to eventlog (win32):
464
+# (change requires restart)
465
+#event_source = 'PostgreSQL'
466
+
467
+# - When to Log -
468
+
469
+#log_min_messages = warning		# values in order of decreasing detail:
470
+					#   debug5
471
+					#   debug4
472
+					#   debug3
473
+					#   debug2
474
+					#   debug1
475
+					#   info
476
+					#   notice
477
+					#   warning
478
+					#   error
479
+					#   log
480
+					#   fatal
481
+					#   panic
482
+
483
+#log_min_error_statement = error	# values in order of decreasing detail:
484
+					#   debug5
485
+					#   debug4
486
+					#   debug3
487
+					#   debug2
488
+					#   debug1
489
+					#   info
490
+					#   notice
491
+					#   warning
492
+					#   error
493
+					#   log
494
+					#   fatal
495
+					#   panic (effectively off)
496
+
497
+#log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
498
+					# and their durations, > 0 logs only
499
+					# statements running at least this number
500
+					# of milliseconds
501
+
502
+#log_min_duration_sample = -1		# -1 is disabled, 0 logs a sample of statements
503
+					# and their durations, > 0 logs only a sample of
504
+					# statements running at least this number
505
+					# of milliseconds;
506
+					# sample fraction is determined by log_statement_sample_rate
507
+
508
+#log_statement_sample_rate = 1.0	# fraction of logged statements exceeding
509
+					# log_min_duration_sample to be logged;
510
+					# 1.0 logs all such statements, 0.0 never logs
511
+
512
+
513
+#log_transaction_sample_rate = 0.0	# fraction of transactions whose statements
514
+					# are logged regardless of their duration; 1.0 logs all
515
+					# statements from all transactions, 0.0 never logs
516
+
517
+# - What to Log -
518
+
519
+#debug_print_parse = off
520
+#debug_print_rewritten = off
521
+#debug_print_plan = off
522
+#debug_pretty_print = on
523
+#log_checkpoints = off
524
+#log_connections = off
525
+#log_disconnections = off
526
+#log_duration = off
527
+#log_error_verbosity = default		# terse, default, or verbose messages
528
+#log_hostname = off
529
+log_line_prefix = '%m [%p] %q%u@%d '		# special values:
530
+					#   %a = application name
531
+					#   %u = user name
532
+					#   %d = database name
533
+					#   %r = remote host and port
534
+					#   %h = remote host
535
+					#   %b = backend type
536
+					#   %p = process ID
537
+					#   %t = timestamp without milliseconds
538
+					#   %m = timestamp with milliseconds
539
+					#   %n = timestamp with milliseconds (as a Unix epoch)
540
+					#   %i = command tag
541
+					#   %e = SQL state
542
+					#   %c = session ID
543
+					#   %l = session line number
544
+					#   %s = session start timestamp
545
+					#   %v = virtual transaction ID
546
+					#   %x = transaction ID (0 if none)
547
+					#   %q = stop here in non-session
548
+					#        processes
549
+					#   %% = '%'
550
+					# e.g. '<%u%%%d> '
551
+#log_lock_waits = off			# log lock waits >= deadlock_timeout
552
+#log_parameter_max_length = -1		# when logging statements, limit logged
553
+					# bind-parameter values to N bytes;
554
+					# -1 means print in full, 0 disables
555
+#log_parameter_max_length_on_error = 0	# when logging an error, limit logged
556
+					# bind-parameter values to N bytes;
557
+					# -1 means print in full, 0 disables
558
+#log_statement = 'none'			# none, ddl, mod, all
559
+#log_replication_commands = off
560
+#log_temp_files = -1			# log temporary files equal or larger
561
+					# than the specified size in kilobytes;
562
+					# -1 disables, 0 logs all temp files
563
+log_timezone = 'Etc/UTC'
564
+
565
+#------------------------------------------------------------------------------
566
+# PROCESS TITLE
567
+#------------------------------------------------------------------------------
568
+
569
+cluster_name = '13/main'			# added to process titles if nonempty
570
+					# (change requires restart)
571
+#update_process_title = on
572
+
573
+
574
+#------------------------------------------------------------------------------
575
+# STATISTICS
576
+#------------------------------------------------------------------------------
577
+
578
+# - Query and Index Statistics Collector -
579
+
580
+#track_activities = on
581
+#track_counts = on
582
+#track_io_timing = off
583
+#track_functions = none			# none, pl, all
584
+#track_activity_query_size = 1024	# (change requires restart)
585
+stats_temp_directory = '/var/run/postgresql/13-main.pg_stat_tmp'
586
+
587
+
588
+# - Monitoring -
589
+
590
+#log_parser_stats = off
591
+#log_planner_stats = off
592
+#log_executor_stats = off
593
+#log_statement_stats = off
594
+
595
+
596
+#------------------------------------------------------------------------------
597
+# AUTOVACUUM
598
+#------------------------------------------------------------------------------
599
+
600
+#autovacuum = on			# Enable autovacuum subprocess?  'on'
601
+					# requires track_counts to also be on.
602
+#log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
603
+					# their durations, > 0 logs only
604
+					# actions running at least this number
605
+					# of milliseconds.
606
+#autovacuum_max_workers = 3		# max number of autovacuum subprocesses
607
+					# (change requires restart)
608
+#autovacuum_naptime = 1min		# time between autovacuum runs
609
+#autovacuum_vacuum_threshold = 50	# min number of row updates before
610
+					# vacuum
611
+#autovacuum_vacuum_insert_threshold = 1000	# min number of row inserts
612
+					# before vacuum; -1 disables insert
613
+					# vacuums
614
+#autovacuum_analyze_threshold = 50	# min number of row updates before
615
+					# analyze
616
+#autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
617
+#autovacuum_vacuum_insert_scale_factor = 0.2	# fraction of inserts over table
618
+					# size before insert vacuum
619
+#autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
620
+#autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
621
+					# (change requires restart)
622
+#autovacuum_multixact_freeze_max_age = 400000000	# maximum multixact age
623
+					# before forced vacuum
624
+					# (change requires restart)
625
+#autovacuum_vacuum_cost_delay = 2ms	# default vacuum cost delay for
626
+					# autovacuum, in milliseconds;
627
+					# -1 means use vacuum_cost_delay
628
+#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
629
+					# autovacuum, -1 means use
630
+					# vacuum_cost_limit
631
+
632
+
633
+#------------------------------------------------------------------------------
634
+# CLIENT CONNECTION DEFAULTS
635
+#------------------------------------------------------------------------------
636
+
637
+# - Statement Behavior -
638
+
639
+#client_min_messages = notice		# values in order of decreasing detail:
640
+					#   debug5
641
+					#   debug4
642
+					#   debug3
643
+					#   debug2
644
+					#   debug1
645
+					#   log
646
+					#   notice
647
+					#   warning
648
+					#   error
649
+#search_path = '"$user", public'	# schema names
650
+#row_security = on
651
+#default_tablespace = ''		# a tablespace name, '' uses the default
652
+#temp_tablespaces = ''			# a list of tablespace names, '' uses
653
+					# only default tablespace
654
+#default_table_access_method = 'heap'
655
+#check_function_bodies = on
656
+#default_transaction_isolation = 'read committed'
657
+#default_transaction_read_only = off
658
+#default_transaction_deferrable = off
659
+#session_replication_role = 'origin'
660
+#statement_timeout = 0			# in milliseconds, 0 is disabled
661
+#lock_timeout = 0			# in milliseconds, 0 is disabled
662
+#idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
663
+#vacuum_freeze_min_age = 50000000
664
+#vacuum_freeze_table_age = 150000000
665
+#vacuum_multixact_freeze_min_age = 5000000
666
+#vacuum_multixact_freeze_table_age = 150000000
667
+#vacuum_cleanup_index_scale_factor = 0.1	# fraction of total number of tuples
668
+						# before index cleanup, 0 always performs
669
+						# index cleanup
670
+#bytea_output = 'hex'			# hex, escape
671
+#xmlbinary = 'base64'
672
+#xmloption = 'content'
673
+#gin_fuzzy_search_limit = 0
674
+#gin_pending_list_limit = 4MB
675
+
676
+# - Locale and Formatting -
677
+
678
+datestyle = 'iso, mdy'
679
+#intervalstyle = 'postgres'
680
+timezone = 'Etc/UTC'
681
+#timezone_abbreviations = 'Default'     # Select the set of available time zone
682
+					# abbreviations.  Currently, there are
683
+					#   Default
684
+					#   Australia (historical usage)
685
+					#   India
686
+					# You can create your own file in
687
+					# share/timezonesets/.
688
+#extra_float_digits = 1			# min -15, max 3; any value >0 actually
689
+					# selects precise output mode
690
+#client_encoding = sql_ascii		# actually, defaults to database
691
+					# encoding
692
+
693
+# These settings are initialized by initdb, but they can be changed.
694
+lc_messages = 'en_US.UTF-8'			# locale for system error message
695
+					# strings
696
+lc_monetary = 'en_US.UTF-8'			# locale for monetary formatting
697
+lc_numeric = 'en_US.UTF-8'			# locale for number formatting
698
+lc_time = 'en_US.UTF-8'				# locale for time formatting
699
+
700
+# default configuration for text search
701
+default_text_search_config = 'pg_catalog.english'
702
+
703
+# - Shared Library Preloading -
704
+
705
+#shared_preload_libraries = ''	# (change requires restart)
706
+#local_preload_libraries = ''
707
+#session_preload_libraries = ''
708
+#jit_provider = 'llvmjit'		# JIT library to use
709
+
710
+# - Other Defaults -
711
+
712
+#dynamic_library_path = '$libdir'
713
+#extension_destdir = ''			# prepend path when loading extensions
714
+					# and shared objects (added by Debian)
715
+
716
+
717
+#------------------------------------------------------------------------------
718
+# LOCK MANAGEMENT
719
+#------------------------------------------------------------------------------
720
+
721
+#deadlock_timeout = 1s
722
+#max_locks_per_transaction = 64		# min 10
723
+					# (change requires restart)
724
+#max_pred_locks_per_transaction = 64	# min 10
725
+					# (change requires restart)
726
+#max_pred_locks_per_relation = -2	# negative values mean
727
+					# (max_pred_locks_per_transaction
728
+					#  / -max_pred_locks_per_relation) - 1
729
+#max_pred_locks_per_page = 2            # min 0
730
+
731
+
732
+#------------------------------------------------------------------------------
733
+# VERSION AND PLATFORM COMPATIBILITY
734
+#------------------------------------------------------------------------------
735
+
736
+# - Previous PostgreSQL Versions -
737
+
738
+#array_nulls = on
739
+#backslash_quote = safe_encoding	# on, off, or safe_encoding
740
+#escape_string_warning = on
741
+#lo_compat_privileges = off
742
+#operator_precedence_warning = off
743
+#quote_all_identifiers = off
744
+#standard_conforming_strings = on
745
+#synchronize_seqscans = on
746
+
747
+# - Other Platforms and Clients -
748
+
749
+#transform_null_equals = off
750
+
751
+
752
+#------------------------------------------------------------------------------
753
+# ERROR HANDLING
754
+#------------------------------------------------------------------------------
755
+
756
+#exit_on_error = off			# terminate session on any error?
757
+#restart_after_crash = on		# reinitialize after backend crash?
758
+#data_sync_retry = off			# retry or panic on failure to fsync
759
+					# data?
760
+					# (change requires restart)
761
+
762
+
763
+#------------------------------------------------------------------------------
764
+# CONFIG FILE INCLUDES
765
+#------------------------------------------------------------------------------
766
+
767
+# These options allow settings to be loaded from files other than the
768
+# default postgresql.conf.  Note that these are directives, not variable
769
+# assignments, so they can usefully be given more than once.
770
+
771
+include_dir = 'conf.d'			# include files ending in '.conf' from
772
+					# a directory, e.g., 'conf.d'
773
+#include_if_exists = '...'		# include file only if it exists
774
+#include = '...'			# include file
775
+
776
+
777
+#------------------------------------------------------------------------------
778
+# CUSTOMIZED OPTIONS
779
+#------------------------------------------------------------------------------
780
+
781
+# Add settings for extensions here
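Review bot: `#ssl = on` is commented out in the "- SSL -" block, and PostgreSQL's built-in default for `ssl` is off, so this server accepts plaintext connections only unless a conf.d drop-in re-enables it; that is presumably why the Fathom client had to be dropped to `sslmode=disable` in the same commit. It is harmless while `listen_addresses` stays at its default `localhost`, but I would set `ssl = on` explicitly so the snakeoil certificate paths beneath it actually apply and clients can keep `sslmode=require`. `#password_encryption = md5` leaves newly set role passwords hashed with MD5; on 13 prefer `password_encryption = scram-sha-256` together with a `scram-sha-256` method in pg_hba.conf (not part of this commit), re-setting existing passwords afterwards. Since the file already carries `include_dir = 'conf.d'`, shipping only the overridden settings as a drop-in instead of a full copy of the Debian-generated file would keep package-provided defaults from being silently reverted on upgrade.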

+ 11
- 3
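--- a/roles/common/tasks/postgres.yml
+++ b/roles/common/tasks/postgres.yml
@@ -37,10 +37,18 @@
     - dependencies
   when: ansible_distribution_version == '11'
 
+- name: Copy PostgreSQL configuration into place
+  copy: src=etc_postgresql_11_main_postgresql.conf dest=/etc/postgresql/11/main/postgresql.conf owner=postgres group=postgres mode=0644
+  when: ansible_distribution_version == '10'
+
+- name: Copy PostgreSQL configuration into place
+  copy: src=etc_postgresql_13_main_postgresql.conf dest=/etc/postgresql/13/main/postgresql.conf owner=postgres group=postgres mode=0644
+  when: ansible_distribution_version == '11'
+
+- name: Ensure PostgreSQL is restarted
+  service: name=postgresql state=restarted
+
 - name: Set password for PostgreSQL admin user
   become: true
   become_user: postgres
   postgresql_user: name={{ db_admin_username }} password={{ db_admin_password }} encrypted=yes
-
-- name: Copy PostgreSQL configuration into place
-  copy: src=etc_postgresql_11_main_postgresql.conf dest=/etc/postgresql/11/main/postgresql.conf owner=postgres group=postgres mode=0644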
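Review bot: The new `Ensure PostgreSQL is restarted` task restarts the server on every playbook run, even when neither copy task changed anything, so every deploy drops all open database connections of the services that depend on it. Make the restart conditional: add `notify: Restart PostgreSQL` to both copy tasks and move `service: name=postgresql state=restarted` into a handler of that name, so it fires only when postgresql.conf actually changed. `state=reloaded` would be gentler, but a shipped full postgresql.conf may change parameters that require a restart, so a restart handler is the safer default here. A one-line comment above the copy tasks stating the mapping (`# Debian 10 ships PostgreSQL 11, Debian 11 ships PostgreSQL 13`) would also explain why the `when` versions and the destination paths differ.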

+ 5
- 0
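--- a/roles/limesurvey/DESIGN.md
+++ b/roles/limesurvey/DESIGN.md
@@ -0,0 +1,5 @@
+# LimeSurvey
+
+After running this role, you can reach the installer at `survey.DOMAIN/admin`.
+Set the admin account and create the database tables.
+The PostgreSQL credentials can be found in the defaults, the password will be in secret.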

+ 0
- 4
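--- a/roles/limesurvey/defaults/main.yml
+++ b/roles/limesurvey/defaults/main.yml
@@ -7,7 +7,3 @@ limesurvey_url: "https://download.limesurvey.org/latest-stable-release/limesurve
 limesurvey_db_username: limesurveyuser
 limesurvey_db_password: "{{ lookup('password', secret + '/' + 'limesurvey_db_password length=32') }}"
 limesurvey_db_database: limesurvey
-
-# must match values in roles/common
-db_admin_username: 'postgres'
-db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password length=32') }}"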

+ 4
- 0
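--- a/roles/mailserver/defaults/main.yml
+++ b/roles/mailserver/defaults/main.yml
@@ -23,6 +23,10 @@ mail_virtual_users:
     domain: "{{ domain }}"
     password: "{{ lookup('password', secret + '/' + 'mail_main_user_password length=20') | doveadm_pw_hash }}"
     sendonly: 0
+  - account: "noreply"
+    domain: "{{ domain }}"
+    password: "{{ lookup('password', secret + '/' + 'mail_noreply_password length=20 chars=ascii_lowercase,ascii_uppercase,digits') | doveadm_pw_hash }}"
+    sendonly: 1
 
 mail_virtual_aliases:
   - source: "root@{{ domain }}"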
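Review bot: The `chars=ascii_lowercase,ascii_uppercase,digits` constraint on the noreply password only takes effect when the `mail_noreply_password` secret file does not exist yet; as far as I know the password lookup reuses an existing file verbatim, so an installation that already generated this secret with the default charset keeps a password that may contain punctuation, and the constraint silently does nothing. Note that in the role docs, or have operators delete the stale file once. Every other consumer of this account also has to repeat the lookup string byte-for-byte; defining it once, e.g. `mail_noreply_password: "{{ lookup('password', secret + '/' + 'mail_noreply_password length=20 chars=ascii_lowercase,ascii_uppercase,digits') }}"`, and using `{{ mail_noreply_password | doveadm_pw_hash }}` in this entry keeps the charset decision in one place. A short comment on why punctuation is excluded (presumably it breaks the consumers' environment files) would stop someone from "fixing" it back later.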

+ 4
- 0
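--- a/roles/mailserver/templates/etc_dovecot_conf.d_20-imap.conf.j2
+++ b/roles/mailserver/templates/etc_dovecot_conf.d_20-imap.conf.j2
@@ -13,7 +13,11 @@ protocol imap {
   #mail_max_userip_connections = 10
 
   # Space separated list of plugins to load (default is global mail_plugins).
+{% if ansible_distribution_version != '11' %}
   mail_plugins = $mail_plugins antispam fts fts_solr
+{% else %}
+  mail_plugins = $mail_plugins antispam fts
+{% endif %}
 
   # IMAP logout format string:
   #  %i - total number of bytes read from client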
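Review bot: The `!= '11'` test sends every release other than Debian 11 — including anything newer — down the legacy `fts_solr` branch, so the next distribution upgrade silently reinstates the plugin this commit removes; a version comparison expresses the intent better: `{% if ansible_distribution_version is version('11', '<') %}` with the solr line in that branch and the plain `fts` line in the `else`. Loading `fts` with no backend plugin is also of doubtful value: as far as I recall Dovecot reports a missing fts backend unless `plugin { fts = ... }` names one elsewhere, so if full-text search is simply unavailable on Debian 11 it is cleaner to drop `fts` from that branch too. Either way a comment on the reason for the split (I am guessing it is a packaging issue with `fts_solr` on Debian 11 — state the actual cause) belongs above the `{% if %}`.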

+ 1
- 1
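--- a/roles/mailserver/templates/etc_dovecot_dovecot-sql.conf.ext.j2
+++ b/roles/mailserver/templates/etc_dovecot_dovecot-sql.conf.ext.j2
@@ -103,7 +103,7 @@ default_pass_scheme = SHA512-CRYPT
 #  SELECT username, domain, password \
 #  FROM users WHERE username = '%n' AND domain = '%d'
 
-password_query = SELECT username AS user, domain, password FROM virtual_users WHERE username = '%n' AND domain = '%d' and sendonly = false;
+password_query = SELECT username AS user, domain, password FROM virtual_users WHERE username = '%n' AND domain = '%d';
 
 # userdb query to retrieve the user information. It can return fields:
 #   uid - System UID (overrides mail_uid setting)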
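Review bot: Dropping `and sendonly = false` from `password_query` means a send-only account such as noreply now passes the passdb for every Dovecot service, not only for Postfix's SASL submission; unless the userdb query (outside this hunk) still filters on `sendonly = false`, that account can log in to IMAP with a full mailbox as well. If the intent is to let send-only accounts authenticate for SMTP only, keep the restriction in the passdb but key it on the service: `password_query = SELECT username AS user, domain, password FROM virtual_users WHERE username = '%n' AND domain = '%d' AND (sendonly = false OR '%s' = 'smtp');` — `%s` expands to the name of the service Dovecot is authenticating for. Whichever query ends up enforcing it, a one-line comment above `password_query` saying where the send-only restriction lives would save the next reader a trip through the userdb configuration.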

+ 4
- 4
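--- a/roles/webmail/templates/etc_apache2_sites-available_roundcube.j2
+++ b/roles/webmail/templates/etc_apache2_sites-available_roundcube.j2
@@ -14,23 +14,23 @@
     ErrorLog                /var/log/apache2/roundcube.info-error_log
     CustomLog               /var/log/apache2/roundcube.info-access_log common
 
-    <Directory /var/www/roundcube>
+    <Directory /var/lib/roundcube>
         AllowOverride All
         Require all granted
         DirectoryIndex index.php
     </Directory>
 
-    <Directory /opt/roundcube/config>
+    <Directory /var/lib/roundcube/config>
         AllowOverride None
         Require all denied
     </Directory>
 
-    <Directory /opt/roundcube/temp>
+    <Directory /var/lib/roundcube/temp>
         AllowOverride None
         Require all denied
     </Directory>
 
-    <Directory /opt/roundcube/logs>
+    <Directory /var/lib/roundcube/logs>
         AllowOverride None
         Require all denied
     </Directory>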

+ 23
- 0
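--- a/secret_concat.sh
+++ b/secret_concat.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+PREFIX="secret"
+
+cd $SCRIPTPATH/secret
+
+for dir in */ ; do
+    [ -L "${d%/}" ] && continue
+
+    echo "Processing ${dir%/}"
+
+    echo "${dir%/} Passwords" > $PREFIX-${dir%/}
+    echo >> $PREFIX-${dir%/}
+
+    for file in $dir* ; do
+        [ -L "$file" ] && continue
+        [ -d "$file" ] && continue
+
+        echo -n "${file#"$dir"}: " >> $PREFIX-${dir%/}
+        cat $file >> $PREFIX-${dir%/}
+    done
+done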
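Review bot: The symlink guard on the outer loop tests `${d%/}`, but `$d` is never assigned, so the check is always false and symlinked directories are processed anyway; it should read `[ -L "${dir%/}" ] && continue`. More importantly, the script gathers every secret of a role into one plaintext file under the default umask, which on most systems yields a world-readable 0644 file next to the secrets it copies from; set `umask 077` before the first write. The remaining points are shell hygiene: `cd` has no failure check, so a wrong `SCRIPTPATH` makes the loop write `secret-*` files into the current directory, and `$SCRIPTPATH/secret`, `$PREFIX-${dir%/}` and `$file` are unquoted. If the generated password files carry no trailing newline, consecutive entries also run together on one line; an `echo` after each `cat` separates them.
```shell
set -euo pipefail

# … unchanged: SCRIPTPATH and PREFIX …

# The aggregated files hold plaintext credentials: create them owner-only.
umask 077
cd "$SCRIPTPATH/secret" || exit 1

for dir in */ ; do
    [ -L "${dir%/}" ] && continue   # was "${d%/}": $d is never set
    out="$PREFIX-${dir%/}"

    echo "Processing ${dir%/}"
    { echo "${dir%/} Passwords"; echo; } > "$out"

    for file in "$dir"* ; do
        [ -L "$file" ] && continue
        [ -d "$file" ] && continue

        printf '%s: ' "${file#"$dir"}" >> "$out"
        cat -- "$file" >> "$out"
        echo >> "$out"   # secret files may lack a trailing newline
    done
done
```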
