Commit Graph

251 Commits

Author SHA1 Message Date
Andrea Dell'Amico 94ffed10c9 acme-sh-request-cert: do not fail if there's a valid, and not expiring, certificate already. 2020-02-07 14:54:39 +01:00
Andrea Dell'Amico d019c0d8cd Fix the behaviour when we request the certificate via http. 2020-02-04 19:17:03 +01:00
Andrea Dell'Amico 2da5d26ef6 The roundcube session lifetime is now a variable. 2020-01-30 12:29:51 +01:00
Andrea Dell'Amico af32ce30bc Change the way we enable the local recipient maps. 2020-01-25 13:58:26 +01:00
Andrea Dell'Amico c90043d44a Move the max_message_size option out of the 'if' case. 2020-01-24 13:58:05 +01:00
Andrea Dell'Amico d53b569189 Manage the transport and virtual_domains maps. 2020-01-24 13:03:07 +01:00
Andrea Dell'Amico c036b0bf8b Fix the management of the size of the attachments. 2020-01-23 11:39:29 +01:00
Andrea Dell'Amico 5c6253e917 Only one nginx role. 2020-01-22 14:37:31 +01:00
Andrea Dell'Amico 4c06ae5b2d One variable to manage the max attachment size. 2020-01-20 12:27:21 +01:00
Andrea Dell'Amico e2bd95f2c2 Role that setups remote logging in rsyslog. 2020-01-17 17:30:44 +01:00
Andrea Dell'Amico 0085eaac94 Force a restart after a clamd reconfiguration. clamupdate must be added to the clamscan group. 2020-01-14 18:49:26 +02:00
Andrea Dell'Amico a411c8d68b The AlertExceedsMax value is now managed by a variable, default 'no'. 2020-01-14 16:48:37 +02:00
Andrea Dell'Amico a054e94915 Change the permissions of /var/lib/clamav so that freshclam can write into it. 2020-01-11 16:32:46 +01:00
Andrea Dell'Amico 75dd8ca0cb Fix the boolean that manages the network interfaces settings. 2020-01-08 18:49:32 +01:00
Andrea Dell'Amico ad4ed35212 Manage the smtp and submission configurations with different variables. 2020-01-08 00:23:34 +01:00
Andrea Dell'Amico ba319f76a5 php fpm pool: Log the remote client IP address correctly. 2020-01-06 17:00:19 +01:00
Andrea Dell'Amico 214cd1d03c Fix the nginx includes filenames of the new onlyoffice package 2020-01-05 19:27:39 +01:00
Andrea Dell'Amico 9170706a03 roundcube: the available skins is now a variable. Configure enigma to support multihost as an option. 2019-12-31 15:31:19 +01:00
Andrea Dell'Amico 72810580ee Refresh the CentOS php-fpm role. 2019-12-26 17:11:20 +01:00
Andrea Dell'Amico e27747426b Set the compatibility level on Ubuntu 18.04. 2019-12-19 11:21:16 +01:00
Andrea Dell'Amico 5ca80e638a Force a postfix restart after a configuration change without waiting for the handlers to kick in. Add 'compatibility_level=2' on Ubuntu 18.04. 2019-12-19 11:15:41 +01:00
Andrea Dell'Amico 9d6370b776 Role that installs clamav end/or clamav-milter. 2019-12-18 15:47:03 +01:00
Andrea Dell'Amico f6dcee2182 The TLS level is now a paremeter everywhere. 2019-12-18 15:46:23 +01:00
Andrea Dell'Amico 05e4cb9478 postfix: changes to the configuration that runs the smtpd server. Support milter and haproxy. 2019-12-17 19:55:06 +01:00
Andrea Dell'Amico 8dd7cba5e6 springboot: install systemd units on systemd based OSs. 2019-12-16 14:10:56 +01:00
Andrea Dell'Amico 5bad5d43fa Add support for a customized logo and for enigma (pgp). 2019-12-13 13:43:03 +01:00
Andrea Dell'Amico f2c7de88c9 postgresql role: some cleanup. 2019-12-12 21:01:51 +01:00
Andrea Dell'Amico e6abbf1791 postfix relay: choose to not stop the outgoing smtp traffic. 2019-12-12 21:01:02 +01:00
Andrea Dell'Amico a4106d3dce add, commented, more tls options. 2019-12-12 21:00:07 +01:00
Andrea Dell'Amico b2c25c0f32 iptables rules: add a new conditional. 2019-12-12 20:59:33 +01:00
Andrea Dell'Amico 730885f840 roundcube: configure the service, manage the plugins list and the configuration of some of them. 2019-12-12 20:58:36 +01:00
Andrea Dell'Amico 7c25a0c20c nextcloud: fix the nginx virtualhost. The local postgresql server is now optional. 2019-12-12 20:57:02 +01:00
Andrea Dell'Amico 790a95482b Redis: do not fail stopping the service before removing the packages. 2019-12-12 13:54:17 +01:00
Andrea Dell'Amico b585baee9b postgresql and postgresql db: fix the letsencrypt configuration, new default version. 2019-12-12 13:53:24 +01:00
Andrea Dell'Amico a2ac312217 iptables: we can now set a global postresql set of rules. 2019-12-12 13:52:24 +01:00
Andrea Dell'Amico 63ca3a71a8 Install and configure tmpreaper if required, on Debian/Ubuntu. 2019-12-11 11:57:55 +01:00
Andrea Dell'Amico a6bbd67e1c keepalived: fix the default service check and the destination of the status file. 2019-12-09 14:04:10 +01:00
Andrea Dell'Amico 33d420eded Merge branch 'master' of adellam/ansible-roles into master 2019-12-09 13:36:56 +01:00
Andrea Dell'Amico 2549e8d641 Add the role that manages additional disks to the bootstrap role. 2019-12-09 13:36:36 +01:00
Franca Debole 20fa6c97ae Merge branch 'master' of debfranca/ansible-roles into master
RoundCube added ...working on progress
2019-12-07 16:06:42 +01:00
Franca Debole 1920b3c149 Added comment on install roundcube 2019-12-06 17:33:08 +01:00
Tommaso Piccioli c6228c8255 crontab hourly step postgres backup 2019-12-06 17:33:06 +01:00
Franca Debole cd435616c9 Added rouncube 2019-12-06 16:34:15 +01:00
Andrea Dell'Amico 3a64850c80 Postfix role that aims to be general purpose. 2019-12-05 18:35:55 +01:00
Andrea Dell'Amico ac16f86970 Apache: Fix some conditionals. 2019-12-05 18:32:22 +01:00
Andrea Dell'Amico 32695a0a33 Debian/Ubuntu: autoclean and autoremove packages when dist-upgrading. 2019-11-21 18:13:06 +01:00
Andrea Dell'Amico 58e596ed5d Force a cert request when something changed. 2019-11-21 14:49:03 +01:00
Andrea Dell'Amico 747c551c00 Role that installs an unconfigured dovecot service, managing firewall rules and letenscrypt hook accondingly. 2019-11-20 18:51:56 +01:00
Andrea Dell'Amico 9b4f3d3d46 Remove duplicates from the acme.sh env. Add tags that permit to install the scripts without executing them. 2019-11-20 13:24:45 +01:00
Andrea Dell'Amico 1bcd77e306 Give the option of managing some SELinux properties in the bootstrap tasks. 2019-11-19 18:56:17 +01:00
Andrea Dell'Amico 27a82ad239 Manage the postgresql firewalld rule directly in the postgresql role. 2019-11-19 13:48:53 +01:00
Andrea Dell'Amico 659e50755e Add a specific tag to the task that installs the acme.sh account file. 2019-11-15 16:19:37 +01:00
Andrea Dell'Amico 88610faf0c Give the ability to change the negative cache ttl. 2019-11-12 13:47:13 +01:00
Andrea Dell'Amico faf5b50aef acme.sh: request a certificate when the configuration did not change but no certificate is present. 2019-11-08 16:42:28 +01:00
Andrea Dell'Amico 9b5acb19b3 unbound: manage the use of stub zones. 2019-11-08 11:37:49 +01:00
Andrea Dell'Amico 9687e342c8 powerdns: Fix the also_notify template variable. 2019-11-07 17:45:28 +01:00
Andrea Dell'Amico 8cd9dc556f Fix a wrong option in the LDAP template. 2019-11-04 18:54:21 +01:00
Andrea Dell'Amico 3108ff7ee9 Manage a generic CA cert file, provided via a URL. 2019-11-04 18:53:08 +01:00
Andrea Dell'Amico d1b27304f3 Fix some boolean conditionals. 2019-11-02 17:25:46 +01:00
Andrea Dell'Amico 23921aa74a Fix some boolean checks. 2019-11-02 17:06:32 +01:00
Andrea Dell'Amico 68de4756c5 Fix the dependencies, for real. 2019-10-31 12:32:32 +01:00
Andrea Dell'Amico 1289862b9a Request the certificates as root to bind port 80. Install the certificates after having obtained them, by default. 2019-10-31 12:30:27 +01:00
Andrea Dell'Amico 29e44b27a8 Add a postgresql dependency, if the want a local db server. 2019-10-31 12:29:10 +01:00
Andrea Dell'Amico 440a783369 Configure the firewall before trying to get the X509 certificates. 2019-10-31 12:21:17 +01:00
Andrea Dell'Amico 07e7139b79 simplesaml virtualhost: set the real client ip address when behind a load balancer. 2019-10-31 11:18:21 +01:00
Andrea Dell'Amico e62d8b3ae6 Set the requested timezone on Ubuntu 18.04+ using the timedatectl client. 2019-10-30 13:54:01 +01:00
Andrea Dell'Amico f4904153b4 freeradius: create the DH file even when the certificate is not managed by letsencrypt. 2019-10-30 13:43:47 +01:00
Andrea Dell'Amico dc0cb3b15e simplesaml: do not create and install the certificates when they are externally provided. 2019-10-30 12:08:43 +01:00
Andrea Dell'Amico 02c75a7bde Give the option to specify an env file from the command line. 2019-10-30 10:38:01 +01:00
Andrea Dell'Amico 787cf219d6 Some env variables were wrong. 2019-10-30 10:32:41 +01:00
Andrea Dell'Amico b1fc6439e0 Install aptitude, fix some booleans, remove support for Debian 6. 2019-10-29 18:11:15 +01:00
Andrea Dell'Amico a7cffb1ffb Fixes to the powerdns configuration template needed by version 4.2. 2019-10-29 13:07:01 +01:00
Andrea Dell'Amico 1c0a42cdd8 Try to fix a problem with acme.sh when we ask for a certificate for the first time. 2019-10-29 13:01:36 +01:00
Andrea Dell'Amico 6bd05fe9cc Add defaults to the task that associates zones and interfaces. 2019-10-28 17:36:44 +01:00
Andrea Dell'Amico 4b5809f4b1 Set the hostname as defined in the inventory. 2019-10-28 17:36:06 +01:00
Andrea Dell'Amico 9913b65d09 Install git and socat on CentOS too. 2019-10-28 12:59:35 +01:00
Andrea Dell'Amico 53516b83cc acme.sh role: make it work on CentOS. 2019-10-28 12:51:13 +01:00
Andrea Dell'Amico bcc0e96c5c CentOS: use the acme.sh role. 2019-10-28 12:49:15 +01:00
Andrea Dell'Amico 7adc22f1b1 Dismiss the unsupported letsencrypt-acmetool-client. Use acme-sh-client everywhere. Fix the acme.sh configuration when we do not use the dns provider. 2019-10-27 20:14:15 +01:00
Andrea Dell'Amico af2319c1df Fix the exit code of the keepalive notifiy script. 2019-10-26 11:49:12 +02:00
Andrea Dell'Amico 361f51e152 keepalived: differentiate the unicast ip address between configurations. 2019-10-25 19:50:17 +02:00
Andrea Dell'Amico d53f160afb Set the hostname identical to the inventory hostname if no 'hostname' variable has been defined. 2019-10-25 19:49:32 +02:00
Andrea Dell'Amico 76aa23c024 Fix the templates, a 'server' directive was missing. 2019-10-25 19:48:41 +02:00
Andrea Dell'Amico 974f7d893a Role that manages the ntp service. 2019-10-25 12:32:10 +02:00
Andrea Dell'Amico d812967a1e RH/CentOS: use its own role for ntp. 2019-10-25 11:55:14 +02:00
Andrea Dell'Amico 69c00c4af7 Remove the ntp handler. 2019-10-25 11:39:43 +02:00
Andrea Dell'Amico b967322335 The ntp service is managed by its own role now. 2019-10-25 11:36:03 +02:00
Andrea Dell'Amico e97bb066e8 KVM host: install cloud-utils. Download the cloud images of CentOS 7 and Ubuntu Bionic. 2019-10-24 19:31:41 +02:00
Andrea Dell'Amico 6301321e16 Add support for imap email support to the redmine role. 2019-10-15 15:47:52 +02:00
Andrea Dell'Amico be108d20c6 elasticsearch: Fix the configuration when version is >= 7. 2019-10-14 12:02:40 +02:00
Andrea Dell'Amico c760fae448 Mediawiki: add tasks that initialize the wiki. Add support for a local memcached server. 2019-10-13 15:36:04 +02:00
Andrea Dell'Amico a262390283 mediawiki: Fix a couple of defaults. 2019-10-09 16:38:22 +02:00
Andrea Dell'Amico ede935b45d php-fpm: fix the path of the session files. 2019-10-09 16:25:05 +02:00
Andrea Dell'Amico 1ee45a1c54 Some changes to the mediawiki role, now with explicit dependencies. 2019-10-09 16:11:17 +02:00
Andrea Dell'Amico bd54d98a64 shinyproxy: increase the default wait time. 2019-10-08 14:32:40 +02:00
Andrea Dell'Amico 4785f2de9f nginx: support TLSv1.3 in the ssl template. 2019-10-07 13:17:38 +02:00
Andrea Dell'Amico 1b75b0bf94 Fix the KVM tasks. 2019-10-04 18:54:27 +02:00
Andrea Dell'Amico b6a3d69d55 freeradius: fix the letsencrypt hook name. 2019-10-02 14:21:05 +02:00
Andrea Dell'Amico a628b04fb3 Remove the tasks that mess up with the docker certificates. 2019-09-25 03:24:16 +02:00
Andrea Dell'Amico c96a81a33c Generate rules for the docker swarm ports. 2019-09-25 03:17:42 +02:00
Andrea Dell'Amico cdb49768b0 Docker: override the systemd unit to enable the http socket needed by the external clients. 2019-09-25 03:16:29 +02:00
Andrea Dell'Amico 4920fb8473 shinyproxy: Fix the configuration to correctly set the container backend. 2019-09-25 03:14:47 +02:00
Andrea Dell'Amico 179b0014c2 Shinyproxy: support version 2.x. Support docker-swam. Depend on openjdk. 2019-09-24 18:29:02 +02:00
Andrea Dell'Amico 3d55f3d4ac Manage the main interface explicitly while dealing with the ipv6 settings. 2019-09-24 18:17:15 +02:00
Andrea Dell'Amico 751d24740c Docker: Manage a swarm. 2019-09-24 18:16:04 +02:00
Andrea Dell'Amico ba0a801b25 Various fixes to the CKAN role. 2019-09-14 16:08:07 +02:00
Andrea Dell'Amico 36149bc631 Make the python3-env role compatible with Ubuntu 18.04. 2019-09-06 18:02:22 +02:00
Andrea Dell'Amico af6fac7a36 Fix the javamelody installation on tomcat. 2019-09-04 18:25:31 +02:00
Andrea Dell'Amico b33cd02b66 Add support for javamelody. On tomcat 8, add commons-daemon.jar. Crash on out of memory when running with JDK 8+. 2019-08-14 18:46:03 +02:00
Andrea Dell'Amico 3a9875e458 Adapt the network interfaces check to the modern ifconfig output. 2019-08-10 17:34:49 +02:00
Andrea Dell'Amico a9f4b58f35 nagios nrpe: add additional network interface names that must be checked. 2019-08-10 17:34:10 +02:00
Andrea Dell'Amico 52211d86ce acmetool: pass the correct hooks directory from the command line. Fixes https://redmine-s2i2s.isti.cnr.it/issues/16 2019-08-07 19:08:51 +02:00
Andrea Dell'Amico a089bc612a openvpn: better management of the native ldap authentication plugin. 2019-08-07 18:43:35 +02:00
Andrea Dell'Amico b2b1270b85 keepalived: Add support for VRRP over unicast. Run the check script using an unprivileged user. 2019-08-07 18:40:48 +02:00
Andrea Dell'Amico 60128ad596 powerdns-admin: it now depends on nodejs, and the initialization procedure changed sightly. 2019-08-06 15:31:40 +02:00
Andrea Dell'Amico e6900dc4ae Replace bind-caching-server with the more generic bind-nameserver. 2019-08-05 18:14:21 +02:00
Andrea Dell'Amico 2834abc140 grafana: Change the repository URL. Fix the apt: tasks. 2019-08-05 12:06:32 +02:00
Andrea Dell'Amico bb1191d585 iptables: more flexible NAT rules. 2019-08-01 19:17:30 +02:00
Andrea Dell'Amico c087d0f412 Fix a nagios task, where a loop was not correctly declared. 2019-07-30 13:13:47 +02:00
Andrea Dell'Amico 45fe30699b Add some needed defaults to the python3 role. 2019-07-25 16:18:13 +02:00
Andrea Dell'Amico 460945caf4 freeradius: manage the letsencrypt certificates and some basic configuration option. 2019-07-17 17:55:47 +02:00
Andrea Dell'Amico 4f08e78d87 Unbound: add more cusomisable fields to the server template. 2019-07-17 12:37:43 +02:00
Andrea Dell'Amico fd8c325d8e Simple role that installs freeradius and a list of freeradius modules. The configuration must be part of another role or playbook. 2019-07-15 18:41:03 +02:00
Andrea Dell'Amico c934734053 Fix the sftp chroot configuration. 2019-07-15 18:14:24 +02:00
Tommaso Piccioli 9d9f380ebf variable name fix 2019-07-10 13:05:44 +02:00
Tommaso Piccioli f3651be98d minor fix 2019-07-10 12:53:15 +02:00
Tommaso Piccioli 0ef75e20f1 allow remote control from localhost 2019-07-10 12:11:10 +02:00
Andrea Dell'Amico 56c7fd5b17 openvpn: restart the service after a certificate renewal. 2019-07-03 11:29:51 +02:00
Andrea Dell'Amico 0d0e4ca39f mysql: disable reverse name resolution by default. 2019-07-02 10:41:41 +02:00
Andrea Dell'Amico a4c4a1c386 Fix the ssl ldif. 2019-06-30 15:50:35 +02:00
Andrea Dell'Amico 4ee9627f56 Immediately restart the nrpe service after a configuration change. 2019-06-27 18:36:36 +02:00
Andrea Dell'Amico 63d95a54b3 A 'block' directive was missing. 2019-06-24 18:33:09 +02:00
Andrea Dell'Amico 9fd5c932d5 Role that installs and configures a simplesaml instance. 2019-06-24 18:14:16 +02:00
Andrea Dell'Amico a623f414ba Additional cleanup of the php-related variables. 2019-06-24 12:23:52 +02:00
Andrea Dell'Amico 57998a207a Change the default version. 2019-06-22 17:05:31 +02:00
Andrea Dell'Amico 869e783b01 Fix the nagios apt usage. 2019-06-13 13:33:49 +02:00
Andrea Dell'Amico 27ae09856c Install the python3 ppa also on Ubuntu 16.04. Use the role to install packages on 18.04 too. 2019-06-11 19:15:27 +02:00
Andrea Dell'Amico f44b5011c9 Set the 'jdk_default' variable in the openjdk role defaults. 2019-06-10 14:21:26 +02:00
Andrea Dell'Amico f206ba68ef Fix the prometheus systemd unit of the node and haproxy exporters. Again. 2019-06-10 14:03:10 +02:00
Andrea Dell'Amico be33a29601 cleanup the python-env role. 2019-06-06 19:13:13 +02:00
Andrea Dell'Amico d42f5c5b3c Give the option to force a run of the pip fixer script, on Ubuntu Trusty. 2019-06-06 19:10:55 +02:00
Andrea Dell'Amico de72fca3f7 prometheus node and haproxy exporter: fix the systemd unit. 2019-06-05 19:03:35 +02:00
Andrea Dell'Amico 0277b6a2be update_r_packages: upgrade the dependencies of packaages installed from github without asking for confirmation. 2019-06-03 18:27:51 +02:00
Andrea Dell'Amico 0ac65ddd89 Fix the command line options of the haproxy exporter systemd unit. 2019-05-31 19:00:55 +02:00
Andrea Dell'Amico a45761e931 Fix the prometheus user in the systemd service of the haproxy exporter. 2019-05-31 18:43:57 +02:00
Andrea Dell'Amico 2f3b0add6d nagios_isti_plugdir renamed into nagios_local_plugdir. 2019-05-31 17:45:44 +02:00
Andrea Dell'Amico 6fab3bb2ef Unbound: Make it work on Ubuntu bionic and systemd 2019-05-30 19:04:52 +02:00
Andrea Dell'Amico ff7f2b6188 keepalived: do not install the PPA on Ubuntu bionic. 2019-05-30 18:18:26 +02:00
Andrea Dell'Amico 22051c8a21 Add the bootstrap roles and some tasks collections. 2019-05-15 01:23:45 +02:00
Andrea Dell'Amico 4cb34462d9 Add the CentOS roles. Losing history. 2019-05-15 01:22:27 +02:00