summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2021-07-12Revert "fix: sane_debian_system setting hostname"Lars Wirzenius1-4/+3
This reverts commit 028980c06c069914823ec965e413f272b0ae0e83.
2021-07-12fix: use correct path for daemonize on Debian 11 (bullseye)Lars Wirzenius2-4/+4
Sponsored-by: author
2021-07-12fix: use correct name for Subplot binaryLars Wirzenius1-3/+3
Sponsored-by: author
2021-07-07fix: make sure gnupg is installed before adding apt keysLars Wirzenius1-0/+4
On the Debian 11 cloud image it's not installed by default. Sponsored-by: author
2021-07-07fix: sane_debian_system setting hostnameLars Wirzenius1-3/+4
This avoids the Ansible hostname module, which breaks post-Python3.6, because they removed platform.linux_didstribution. Sigh. Sponsored-by: author
2021-03-31feat! default sane_debian_hostname to inventory hostnameLars Wirzenius3-5/+29
Doesn't break anything if hostname was already set, but just in case, bump version number, which means any users of this role need to be upgraded.
2021-03-31fix: add missing "template" to subplot YAML metadataLars Wirzenius1-0/+1
2021-03-31chore: drop unused variable quietLars Wirzenius1-2/+0
2021-03-31fix: typo in READMELars Wirzenius1-1/+1
2020-11-08feat(unix_users): allow a user to be added to extra groupsLars Wirzenius4-3/+28
2020-11-08fix(subplot/qemumgr.py): use known hosts file to avoid warningLars Wirzenius1-3/+5
"Host key added" warning was always happening in the ssh output, and it's annoying. This avoids it.
2020-11-04feat! make all sane_debian_system variables be prefixed properlyLars Wirzenius6-36/+27
This is a breaking change.
2020-11-01fix(subplot/runcmd.py): fix runcmd_run to accept an env argumentLars Wirzenius1-0/+4
2020-11-01chore: update vendored copy of runcmd.py from SubplotLars Wirzenius2-81/+247
2020-11-01sane_debian_system: check that debian_codename is setLars Wirzenius3-2/+40
2020-10-21unix_users: drop obsolete authkeys_dir variable, bump versionLars Wirzenius3-27/+32
Also, document the variables in the subplot.
2020-10-21doc: all rolesLars Wirzenius4-3/+29
2020-10-18fix(sane_debian_system): set hostname via AnsibleLars Wirzenius4-12/+25
2020-10-11fix: syntax non-errorLars Wirzenius1-1/+1
2020-10-10test(sane_debian_system): add subplot scenariosLars Wirzenius6-1/+78
2020-10-10fix(subplot/subplot.py): handle an unspecified vars file correctlyLars Wirzenius1-1/+1
Previously we created a file with a list, when it needs to be a dict.
2020-10-10doc: add instructions for usingLars Wirzenius2-1/+23
2020-10-10feat(unix_users): user MUST declare compat version they wantLars Wirzenius3-0/+13
2020-10-10test(unix_users): verify setting authorized_keysLars Wirzenius3-1/+16
2020-10-10test(unix_users): set encrypted password for usersLars Wirzenius3-0/+16
2020-10-10feat: verify unix_users can set shellLars Wirzenius3-1/+20
2020-10-10test: make test configurableLars Wirzenius5-34/+25
Create test.cfg in the source tree for this. Currently, ./check does that with hardcoded values. I may change that later if need be, but this is simple for now.
2020-10-10fix: unix_users scenario verifies user doesn't exist before creatingLars Wirzenius3-0/+11
2020-10-10fix: shebang in ./checkLars Wirzenius1-1/+1
2020-10-07fix: use a random port for Qemu clientLars Wirzenius2-3/+9
2020-10-06test: add a subplot to verify the roles workLars Wirzenius16-0/+703
2020-09-08fix(sane_debian_system): install sudoLars Wirzenius1-0/+4
2020-09-08fix(apache_server: allow apache2 restarting to failLars Wirzenius1-1/+2
2019-10-02Fix: don't fail when apache can't be startedLars Wirzenius1-1/+2
This happens on first run, since apache want to use a cert that hasn't been created yet.
2019-10-02Change: allow setting Debian release from which certbot is installedLars Wirzenius2-1/+4
2019-09-29Change: don't terminate even if certbot failsLars Wirzenius1-1/+1
Need to restart apache back up again.
2019-09-29Change: order of installing haproxy, running certbotLars Wirzenius1-6/+6
For freshly installed systems so the first run doesn't fail.
2019-05-19Fix: add newline to end of /etc/cron.d/deploy_static_site_certsLars Wirzenius1-1/+2
2019-05-19Fix: how we check that haproxy_domain is setLars Wirzenius1-14/+11
2019-02-25Change: use apt with list of packages, intead of loopingLars Wirzenius3-6/+3
2019-02-16Refactor: install daily cron job, then invoke it, instead of inlineLars Wirzenius1-14/+14
2019-01-24Change: add cron job to run deploy_static_site_certsLars Wirzenius1-0/+10
2019-01-06Fix: restart haproxy after Let's Encrypt certifiacte is renewedLars Wirzenius1-0/+1
2019-01-06Change: default Debian mirrorLars Wirzenius1-1/+1
2018-11-06Fix: recreate haproxy.pem in cron jobLars Wirzenius1-0/+11
haproxy wants a haproxy.pem that is the catenation of letsencrypt's fullchain.pem and privkey.pem. It's created by the Ansible playbook, but if you don't run Ansible for three months, the cert will expire. Add a daily cron job that recreates haproxy.pem every day. This might be doable using a certbot haproxy plugin, but I can't be arsed to find out. Don't understand why letsencrypt doesn't just create such a file by default, or why haproxy wants such a file.
2018-08-07Add: check that letsencrypt_email is setLars Wirzenius1-2/+12
2018-08-07Add: haproxy roleLars Wirzenius4-0/+146
2018-07-30Fix: well-known dir for certbotLars Wirzenius1-1/+1
2018-07-03Change: stop Apache while running certbotLars Wirzenius1-0/+2
The certbot apache support is not currently working in Debian, so this is a workaround. Not ideal, but good enough for me.
2018-07-03Change: let user group Let's Encrypt certsLars Wirzenius3-48/+65
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-11 17:22:14 +0000