Add instructions for making crypt salted hashes using Python and passlib
Quotes removed around salts and hashes in existing examples because, AFAIK,
base64-encoded strings contain no characters which must be escaped in YAML (the
following are not in base64: '!', ':', '|', '>').
Closes #293
ZNC module compilation can fail on memory-limited systems, causing ZNC
to not work properly. But even after the failure, make install still
creates /usr/local/bin/znc. Thus Ansible would skip the ZNC build and
install step on future runs, despite ZNC not being correctly installed,
causing the playbook to appear to complete successfully and requiring
manual troubleshooting.
This commit moves the monitoring role to the bottom of site.yml so that
it is executed after all other roles.
This is needed because the monitoring role conditionally installs Monit
configuration file based on whether some other packages have been
installed or not (such as ZNC).
This patch also adds a comment to the "monitoring" entry within the
"roles" list and a `roles/monitoring/README.md` file telling users why
the monitoring role has to come last.
Resolves #284
Newebe: improve playbook and don't fail on first installation
- Add test
- Fixed Newebe's playbook failing on first run on a fresh Debian 7 VM
- Restart supervisord on changes
- Security: Use /usr/sbin/nologin as login shell for newebe user
- Speed: Consolidate all 'apt' entries into one
- Strip trailing whitespaces
- Update to take advantage of apache2_module from Ansible 1.6
- Use file path=... state=absent instead of "rm" command to delete files
Make the test suite work with latest Vagrant configuration
Adjust cipher suite assertions to match what's currently reported by the
server.
Remove WebTests.test_znc_http test since ZNC web interface isn't exposed to
the Internet.
(Tested only with Debian 7 VM from the Vagrantfile)
ZNC 1.4 uses a new section within the configuration file to specify
password hash and salt. This requires adding a new Ansible variable
'irc_password_salt'.
Also update the README file to reflect above changes.
Update the Vagrantfile so that it is possible (and easier) to spin up Debian
7, Ubuntu 12.04 and Ubuntu 14.04 VMs. Although Vagrant allows spinning up all
of them simultaneously, there may be conflicts assigning host names and IP
addresses.
This Vagrantfile also enables the vagrant-cachier plugin (if installed) to
cache downloaded packages across subsequent runs of the same VM.
Running "vagrant up" will bring up only the Debian VM since it is the
officially supported Linux distributions. Ubuntu 12.04 and Ubuntu 14.04 must
be started explicitly by running either "vagrant up precise" or "vagrant up
trusty".
Make sure to remove 'install' directory if wallabag is already installed
Subsequent runs of wallabag's playbook result in the 'install' directory being
recreated, (after the "Clone wallabag" step) kicking wallabag's first time
setup procedure.
With this patch we automatically remove the 'install' directory if wallabag's
configuration file appears to be in place before cloning the repository.
Indicate how to make dovecot and znc password hashes in Python
Solves the chicken-or-the-egg problem of generating a dovecot and znc salted
password hash without already having dovecot and znc installed. That is, people
are installing sovereign typically do not have dovecot and znc installed and
have no way of generating the required salted password hashes.
Python 3 standard library generates SHA512-CRYPT salted password hashes by
default so it is particularly convenient for configuring dovecot:
python3 -c 'import crypt; print(crypt.crypt('password'))'
For ZNC, the required command is slightly more verbose.