Thomas Buck
5684f3c673
Install fail2ban with IPv6 support from stretch-backports (Debian 9).
5 years ago
Thomas Buck
72cb7a3d23
letsencrypt cert folder should stay with ssl-cert group
5 years ago
Thomas Buck
bad2e4f9a1
Add tmux to common programs. Generate german locale. Remove unneeded empty lines.
5 years ago
Thomas Buck
04ba7ad539
Added Fathom statistics tracker to blog task
5 years ago
Thomas Buck
4cf67e7aed
Explicitly install postgres-9.6 and fix monit pid-file location for it.
5 years ago
Thomas Buck
f34c0c827f
Typo in common apache config, file actually ends with .conf
5 years ago
Thomas Buck
c41cd737fd
Support multiple domains for letsencrypt
5 years ago
Thomas Buck
1b7628c756
Install ACL so newer ansible versions can properly upload scripts from and for unprivileged users.
5 years ago
Thomas Buck
c71c6d8559
Use new style of calling apt in ansible
5 years ago
Thomas Buck
472dd068c2
Remove unneeded testing / vagrant stuff.
5 years ago
Thomas Buck
31afcaa7b9
Remove encfs and call directory data instead of decrypted
5 years ago
Thomas Buck
183b80da8d
Remove Google Authenticator / Two-Factor Authentification
5 years ago
Óscar Nájera
8f0cc14f76
Fix: Ansible uses the value present in apt module state parameter
6 years ago
Bryan Voss
128b7e63a2
Update for Debian 9
7 years ago
Ndubisi Nwaku
55770977da
Add group name ssl-cert for SSL certificates
7 years ago
Aleksandr Bogdanov
cdc0d3fb4e
Fixing encfs shell invocation for ansible 2 compatibility
7 years ago
Óscar Nájera
0635815b52
Ensure en_US.UTF-8 locale is present
7 years ago
Wolfgang Steitz
3a42d15850
setup posgres within the common role
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.
8 years ago
Mike Ashley
0e7adf6e3a
Fix bug exposed by commit 264c232b (#572 )
The `private_key` variable used to check for changes was never
registered.
8 years ago
Simon Schoeters
264c232bbf
Remove duplicate when statement in Let's Encrypt task
While adding the Let's Encrypt offline testing block in 1746afcc we
accidentially duplicated a the 'when' statement. Ansible only looks at
the last when statement for a given block meaning the earlier one has no
use. This commit merges both lines in one.
8 years ago
Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
8 years ago
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
8 years ago
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
8 years ago
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8 years ago
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8 years ago
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8 years ago
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8 years ago
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8 years ago
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8 years ago
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
8 years ago
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8 years ago
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8 years ago
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8 years ago
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8 years ago
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
8 years ago
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
8 years ago
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
9 years ago
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
9 years ago
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
9 years ago
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8 years ago
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
8 years ago
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
9 years ago
Dan Milon
829c8491c7
restart apache on SSL changes
9 years ago
Dan Milon
a5c6f663ce
properly install changed SSL certificate
9 years ago
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
9 years ago
Dan Milon
2fb7cfa7c9
Add SSL stapling cache for apache
Fixes #406
9 years ago
Laurent Arnoud
1419c4e26e
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
Conflicts:
roles/common/tasks/main.yml
9 years ago
Sebastian Kriems
968abba197
ufw tasks shall have the ufw tag
resolves #453
9 years ago
Sven Neuhaus
20bd80c599
Generate 2048 DH group and add it to Postfix
9 years ago
Dan Milon
34f3a483aa
Add SSL stapling cache for apache
Fixes #406
9 years ago