Thomas Buck
630e548fe9
add tasks for creating swapfiles. move tasks from common/main to common/basics.
il y a 2 ans
Thomas Buck
e6bd74153d
creating domain list for letsencrypt dynamically. some other small fixes.
il y a 3 ans
Thomas Buck
b37d78c1f9
more fixes to support debian 10
il y a 3 ans
Thomas Buck
37dd16fb67
add sslletsencrypt and sslselfsigned roles for internal servers
il y a 3 ans
Thomas Buck
8b83bd66b1
Properly setup hostname
il y a 5 ans
Thomas Buck
bad2e4f9a1
Add tmux to common programs. Generate german locale. Remove unneeded empty lines.
il y a 5 ans
Thomas Buck
1b7628c756
Install ACL so newer ansible versions can properly upload scripts from and for unprivileged users.
il y a 5 ans
Thomas Buck
c71c6d8559
Use new style of calling apt in ansible
il y a 5 ans
Thomas Buck
31afcaa7b9
Remove encfs and call directory data instead of decrypted
il y a 5 ans
Thomas Buck
183b80da8d
Remove Google Authenticator / Two-Factor Authentification
il y a 5 ans
Óscar Nájera
8f0cc14f76
Fix: Ansible uses the value present in apt module state parameter
il y a 6 ans
Bryan Voss
128b7e63a2
Update for Debian 9
il y a 7 ans
Óscar Nájera
0635815b52
Ensure en_US.UTF-8 locale is present
il y a 7 ans
Wolfgang Steitz
3a42d15850
setup posgres within the common role
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.
il y a 8 ans
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
il y a 8 ans
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
il y a 9 ans
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
il y a 8 ans
Laurent Arnoud
1419c4e26e
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
Conflicts:
roles/common/tasks/main.yml
il y a 9 ans
Laurent Arnoud
dfb1b764d7
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
il y a 9 ans
Alex Payne
c9b32cd2e2
Same Google auth install should work for both Jessie and Trusty.
Move Apache task to their own file.
il y a 9 ans
Alex Payne
006f8e9b82
Just plain Ruby
il y a 9 ans
Manfred Touron
16c93ea486
Using more verbose 'dependencies' tag (#393 )
il y a 9 ans
Manfred Touron
b49f3a6586
Tagged 'deps' aptitude tasks
il y a 9 ans
Laurent Arnoud
353e69d299
Remove duplication with items unattended upgrades
il y a 9 ans
Laurent Arnoud
89d47731ff
Add molly-guard and unattended-upgrades as common pkgs
il y a 9 ans
Aleksandr Bogdanov
a849948e8d
Choosing the closest ubuntu mirror before anything else
il y a 10 ans
Sven Neuhaus
ae58053653
Create /decrypted directory even if encfs is not used.
Helps with issue #120 .
il y a 9 ans
fengor
2fd1e1b722
readded google authenticator lines
il y a 10 ans
fengor
224e8cb339
Setting timezone to UTC
il y a 10 ans
Lorenzo Villani
d5ecf673d3
Calm OCD by sorting almost every with_items block in alphabetical order
il y a 10 ans
Lorenzo Villani
e7703d0d9c
Add support for Apache 2.4 on Ubuntu 14.04
il y a 10 ans
Sven Neuhaus
63ba754eb7
libpam-google-authenticator uses distribution package on Ubuntu 14.04
il y a 10 ans
Gelnior
7995bac36c
put back enc.fs (removed by mistake)
il y a 10 ans
Gelnior
bd57edd5a5
newebe config: fix Newebe config file task
il y a 10 ans
Justin Plock
22a8717f6d
Automatically generate the Google authenticator file for the default user
il y a 10 ans
Justin Plock
84c9febec7
Added Google Authenticator 2FA logins
il y a 10 ans
Justin Plock
9f918363b9
Set a ServerName for apache (fixes #187 )
il y a 10 ans
Joost Baaij
4837d2e87a
extract NTP logic
il y a 11 ans
Joost Baaij
2033c37982
Enabled unattended-upgrades
This works on Debian/Ubuntu only.
There are similar packages for other distributions, but they still
need manual configuration. It seemed better to go for the common
denominator. unattended-upgrades is usually installed by default
anyway, so we are just reinforcing best practices.
il y a 11 ans
Alex Payne
f7f7157cec
more updated variable formatting and accommodation of the YAML parser being a fussbudget
il y a 11 ans
Alex Payne
34d7595c0b
ensure we can install from third-party repos across playbooks
il y a 11 ans
Luke Cyca
2f145ce543
Two small apache-related fixes
il y a 11 ans
Luke Cyca
37a0400c22
Standardize apache’s 301 redirect to https, and enable HSTS
il y a 11 ans
Allen Riddell
88705bb7fa
Replace ferm with ufw
il y a 11 ans
Bertrand Cachet
373cb4584b
add(apticron): configure email
Apticron is configured to send email to {{ admin_email }}
il y a 11 ans
Alex Payne
f27442b678
move tarsnap to its own role
il y a 11 ans
Luke Cyca
7e2ce80a25
Update apt repo and upgrade safe packages
il y a 11 ans
Luke Cyca
09c8fcb295
Named all tasks and made them idempotent where possible
il y a 11 ans
Luke Cyca
6168cd68d0
Automate encfs setup and name mount point more appropriately
il y a 11 ans
Luke Cyca
921cebb41d
Fix invalid service state
il y a 11 ans