Thomas Buck
1b7628c756
Install ACL so newer ansible versions can properly upload scripts from and for unprivileged users.
hace 5 años
Thomas Buck
c71c6d8559
Use new style of calling apt in ansible
hace 5 años
Thomas Buck
3dc25b1bc9
common was missing db admin user pass in default vars.
hace 5 años
Thomas Buck
472dd068c2
Remove unneeded testing / vagrant stuff.
hace 5 años
Thomas Buck
03f37267df
Remove cgit/gitolite git repo hosting
hace 6 años
Thomas Buck
82a931b55d
Remove Tarsnap stuff
hace 6 años
Thomas Buck
31afcaa7b9
Remove encfs and call directory data instead of decrypted
hace 6 años
Thomas Buck
183b80da8d
Remove Google Authenticator / Two-Factor Authentification
hace 6 años
Brett Haines
eddcdd7993
Updating fail2ban jail list
hace 6 años
Óscar Nájera
8f0cc14f76
Fix: Ansible uses the value present in apt module state parameter
hace 6 años
Óscar Nájera
ae0594dc4a
use mozilla sshd config on algorithms
hace 6 años
Bryan Voss
128b7e63a2
Update for Debian 9
hace 7 años
Ndubisi Nwaku
55770977da
Add group name ssl-cert for SSL certificates
hace 7 años
Aleksandr Bogdanov
cdc0d3fb4e
Fixing encfs shell invocation for ansible 2 compatibility
hace 7 años
Óscar Nájera
0635815b52
Ensure en_US.UTF-8 locale is present
hace 8 años
Wolfgang Steitz
3a42d15850
setup posgres within the common role
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.
hace 8 años
Mike Ashley
fc023dfc31
Clean up merge
Clean up some artifacts from the merge to match the `jessie` branch.
Keep the changes on master made with commits bfe6fe84 and e229c551 .
hace 8 años
Tomas Bedrich
3efc7ae54e
Allowed SSH agent forwarding when using sudo
hace 8 años
Dosenpfand
9697cbe6b3
Silence letsencrypt cron output unless there is an error
hace 8 años
Tomas Bedrich
7a399d45ca
Fix SSH connections to Github
hace 8 años
Mike Ashley
0e7adf6e3a
Fix bug exposed by commit 264c232b (#572 )
The `private_key` variable used to check for changes was never
registered.
hace 8 años
Simon Schoeters
264c232bbf
Remove duplicate when statement in Let's Encrypt task
While adding the Let's Encrypt offline testing block in 1746afcc we
accidentially duplicated a the 'when' statement. Ansible only looks at
the last when statement for a given block meaning the earlier one has no
use. This commit merges both lines in one.
hace 8 años
Allen Riddell
9f34027d8b
Add common default vars to role
hace 8 años
Allen Riddell
e95caea06c
common: use password lookup to generate passwords
See https://docs.ansible.com/ansible/playbooks_lookups.html
hace 8 años
Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
hace 8 años
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
hace 8 años
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
hace 8 años
Tomas Bedrich
e08acd2deb
Simplified LE renew script
hace 8 años
Carl Meyer
60855eda70
Fix typo in fail2ban config for dovecot.
hace 8 años
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
hace 8 años
Mike Ashley
4a33ebecdc
Add non-interactive to LE client options
Depending on when the client is run, there are no certificates to
update. By default, the client runs in interactive mode and wants to
notify the user of this. This causes Ansible to hang waiting for an
acknowledgement that will never come. Adding the non-interactive flag
fixes this.
hace 8 años
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
hace 8 años
Carl Meyer
579afa68d3
Add comment into letsencrypt-gencert script clarifying why we stop Apache.
hace 8 años
Carl Meyer
0abf92734e
Don't stop Apache until we have to; start it again right after.
hace 8 años
Carl Meyer
a636a43948
Don't try to execute any non-executable file in LE postrenew dir.
hace 8 años
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
hace 8 años
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
hace 8 años
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
hace 8 años
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
hace 8 años
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
hace 8 años
nodiscc
d876c87e21
bash syntax cleanup
as per discussion in https://github.com/sovereign/sovereign/pull/504
hace 8 años
Carl Meyer
b93deb9411
Remove stray + prefix in sudoers file.
hace 8 años
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
hace 8 años
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
hace 8 años
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
hace 8 años
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
hace 8 años
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
hace 9 años
Mike Ashley
2ad6f78e45
Address incomplete chain error
Fix Apache's configuration for version 2.4.8 and above. See
https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903
hace 9 años
Mike Ashley
58e9e7a445
Add a short introduction to Let's Encrypt
hace 9 años
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
hace 9 años