Thomas Buck
8b83bd66b1
Properly setup hostname
5 年之前
Thomas Buck
5684f3c673
Install fail2ban with IPv6 support from stretch-backports (Debian 9).
5 年之前
Thomas Buck
72cb7a3d23
letsencrypt cert folder should stay with ssl-cert group
5 年之前
Thomas Buck
bad2e4f9a1
Add tmux to common programs. Generate german locale. Remove unneeded empty lines.
5 年之前
Thomas Buck
04ba7ad539
Added Fathom statistics tracker to blog task
5 年之前
Thomas Buck
4cf67e7aed
Explicitly install postgres-9.6 and fix monit pid-file location for it.
5 年之前
Thomas Buck
f34c0c827f
Typo in common apache config, file actually ends with .conf
5 年之前
Thomas Buck
c41cd737fd
Support multiple domains for letsencrypt
5 年之前
Thomas Buck
1b7628c756
Install ACL so newer ansible versions can properly upload scripts from and for unprivileged users.
5 年之前
Thomas Buck
c71c6d8559
Use new style of calling apt in ansible
5 年之前
Thomas Buck
472dd068c2
Remove unneeded testing / vagrant stuff.
5 年之前
Thomas Buck
31afcaa7b9
Remove encfs and call directory data instead of decrypted
6 年之前
Thomas Buck
183b80da8d
Remove Google Authenticator / Two-Factor Authentification
6 年之前
Óscar Nájera
8f0cc14f76
Fix: Ansible uses the value present in apt module state parameter
6 年之前
Bryan Voss
128b7e63a2
Update for Debian 9
7 年之前
Ndubisi Nwaku
55770977da
Add group name ssl-cert for SSL certificates
7 年之前
Aleksandr Bogdanov
cdc0d3fb4e
Fixing encfs shell invocation for ansible 2 compatibility
7 年之前
Óscar Nájera
0635815b52
Ensure en_US.UTF-8 locale is present
8 年之前
Wolfgang Steitz
3a42d15850
setup posgres within the common role
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.
8 年之前
Mike Ashley
0e7adf6e3a
Fix bug exposed by commit 264c232b (#572 )
The `private_key` variable used to check for changes was never
registered.
8 年之前
Simon Schoeters
264c232bbf
Remove duplicate when statement in Let's Encrypt task
While adding the Let's Encrypt offline testing block in 1746afcc we
accidentially duplicated a the 'when' statement. Ansible only looks at
the last when statement for a given block meaning the earlier one has no
use. This commit merges both lines in one.
8 年之前
Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
8 年之前
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
8 年之前
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
8 年之前
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8 年之前
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8 年之前
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8 年之前
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8 年之前
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8 年之前
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8 年之前
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
8 年之前
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8 年之前
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8 年之前
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8 年之前
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8 年之前
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
9 年之前
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
9 年之前
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
9 年之前
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
9 年之前
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
9 年之前
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8 年之前
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
9 年之前
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
9 年之前
Dan Milon
829c8491c7
restart apache on SSL changes
9 年之前
Dan Milon
a5c6f663ce
properly install changed SSL certificate
9 年之前
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
9 年之前
Dan Milon
2fb7cfa7c9
Add SSL stapling cache for apache
Fixes #406
9 年之前
Laurent Arnoud
1419c4e26e
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
Conflicts:
roles/common/tasks/main.yml
9 年之前
Sebastian Kriems
968abba197
ufw tasks shall have the ufw tag
resolves #453
9 年之前
Sven Neuhaus
20bd80c599
Generate 2048 DH group and add it to Postfix
9 年之前