Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2020-11-08 | feat(unix_users): allow a user to be added to extra groups | Lars Wirzenius | 4 | -3/+28 | |
2020-11-04 | feat! make all sane_debian_system variables be prefixed properly | Lars Wirzenius | 6 | -36/+27 | |
This is a breaking change. | |||||
2020-11-01 | sane_debian_system: check that debian_codename is set | Lars Wirzenius | 1 | -0/+15 | |
2020-10-21 | unix_users: drop obsolete authkeys_dir variable, bump version | Lars Wirzenius | 3 | -27/+32 | |
Also, document the variables in the subplot. | |||||
2020-10-21 | doc: all roles | Lars Wirzenius | 3 | -0/+17 | |
2020-10-18 | fix(sane_debian_system): set hostname via Ansible | Lars Wirzenius | 4 | -12/+25 | |
2020-10-11 | fix: syntax non-error | Lars Wirzenius | 1 | -1/+1 | |
2020-10-10 | test(sane_debian_system): add subplot scenarios | Lars Wirzenius | 6 | -1/+78 | |
2020-10-10 | doc: add instructions for using | Lars Wirzenius | 1 | -1/+1 | |
2020-10-10 | feat(unix_users): user MUST declare compat version they want | Lars Wirzenius | 3 | -0/+13 | |
2020-10-10 | test(unix_users): verify setting authorized_keys | Lars Wirzenius | 3 | -1/+16 | |
2020-10-10 | test(unix_users): set encrypted password for users | Lars Wirzenius | 3 | -0/+16 | |
2020-10-10 | feat: verify unix_users can set shell | Lars Wirzenius | 3 | -1/+20 | |
2020-10-10 | fix: unix_users scenario verifies user doesn't exist before creating | Lars Wirzenius | 3 | -0/+11 | |
2020-10-06 | test: add a subplot to verify the roles work | Lars Wirzenius | 3 | -0/+28 | |
2020-09-08 | fix(sane_debian_system): install sudo | Lars Wirzenius | 1 | -0/+4 | |
2020-09-08 | fix(apache_server: allow apache2 restarting to fail | Lars Wirzenius | 1 | -1/+2 | |
2019-10-02 | Fix: don't fail when apache can't be started | Lars Wirzenius | 1 | -1/+2 | |
This happens on first run, since apache want to use a cert that hasn't been created yet. | |||||
2019-10-02 | Change: allow setting Debian release from which certbot is installed | Lars Wirzenius | 2 | -1/+4 | |
2019-09-29 | Change: don't terminate even if certbot fails | Lars Wirzenius | 1 | -1/+1 | |
Need to restart apache back up again. | |||||
2019-09-29 | Change: order of installing haproxy, running certbot | Lars Wirzenius | 1 | -6/+6 | |
For freshly installed systems so the first run doesn't fail. | |||||
2019-05-19 | Fix: add newline to end of /etc/cron.d/deploy_static_site_certs | Lars Wirzenius | 1 | -1/+2 | |
2019-05-19 | Fix: how we check that haproxy_domain is set | Lars Wirzenius | 1 | -14/+11 | |
2019-02-25 | Change: use apt with list of packages, intead of looping | Lars Wirzenius | 3 | -6/+3 | |
2019-02-16 | Refactor: install daily cron job, then invoke it, instead of inline | Lars Wirzenius | 1 | -14/+14 | |
2019-01-24 | Change: add cron job to run deploy_static_site_certs | Lars Wirzenius | 1 | -0/+10 | |
2019-01-06 | Fix: restart haproxy after Let's Encrypt certifiacte is renewed | Lars Wirzenius | 1 | -0/+1 | |
2019-01-06 | Change: default Debian mirror | Lars Wirzenius | 1 | -1/+1 | |
2018-11-06 | Fix: recreate haproxy.pem in cron job | Lars Wirzenius | 1 | -0/+11 | |
haproxy wants a haproxy.pem that is the catenation of letsencrypt's fullchain.pem and privkey.pem. It's created by the Ansible playbook, but if you don't run Ansible for three months, the cert will expire. Add a daily cron job that recreates haproxy.pem every day. This might be doable using a certbot haproxy plugin, but I can't be arsed to find out. Don't understand why letsencrypt doesn't just create such a file by default, or why haproxy wants such a file. | |||||
2018-08-07 | Add: check that letsencrypt_email is set | Lars Wirzenius | 1 | -2/+12 | |
2018-08-07 | Add: haproxy role | Lars Wirzenius | 4 | -0/+146 | |
2018-07-30 | Fix: well-known dir for certbot | Lars Wirzenius | 1 | -1/+1 | |
2018-07-03 | Change: stop Apache while running certbot | Lars Wirzenius | 1 | -0/+2 | |
The certbot apache support is not currently working in Debian, so this is a workaround. Not ideal, but good enough for me. | |||||
2018-07-03 | Change: let user group Let's Encrypt certs | Lars Wirzenius | 3 | -48/+65 | |
2018-06-19 | Change: support static website aliases for letsenrypt | Lars Wirzenius | 2 | -15/+17 | |
2018-05-30 | Fix: drop jinja2 templating from a "when:" | Lars Wirzenius | 1 | -1/+1 | |
2018-05-30 | Fix: allow access via HTTP when no HTTPS is to be required | Lars Wirzenius | 1 | -0/+1 | |
2018-05-22 | Fix: enable apache ssl module only after configs | Lars Wirzenius | 1 | -8/+8 | |
2018-05-18 | Change: allow .well-known dir be outside webroot | Lars Wirzenius | 3 | -9/+18 | |
2018-05-18 | Fix: don't run things that require letencrypt vars, unlss desired | Lars Wirzenius | 1 | -0/+3 | |
2018-05-18 | Change: don't use Let's Encrypt certificates by default | Lars Wirzenius | 1 | -1/+1 | |
2018-05-12 | Add: support optional Let's Encrypt TLS certs for static web sites | Lars Wirzenius | 4 | -4/+109 | |
2018-02-25 | Add: if the initial apt setup, ignore the failure | Lars Wirzenius | 1 | -0/+8 | |
This lets us get past a mistake in the sources.list, such as a badly set debian_codename. Add: ignore more apt errors in initial setup | |||||
2018-02-25 | Add: sanity check: is debian_codename set? | Lars Wirzenius | 2 | -1/+11 | |
I couldn't get the Ansible "when" clause to work, so this checks it in shell instead. Ugly, but works. | |||||
2018-02-15 | Merge branch 'liw/htpasswd' | Ivan Dolgov | 2 | -2/+20 | |
2018-02-14 | Change: optionally install a per-site htpasswd file | Lars Wirzenius | 2 | -2/+20 | |
Also, configure the Apache vhost to use the file if installed. | |||||
2018-01-10 | Change: set debian_codename to a never-valid value | Lars Wirzenius | 1 | -1/+1 | |
This will catch problems where it's inadvertenly set. Not that I've ever mistyped the variable name. Not me. Nope. | |||||
2017-12-16 | Fix: only set password if one is given | Lars Wirzenius | 1 | -1/+7 | |
Previously this would set the encrypted password to xxx which means authn never works. I'm so stupid that the only reason I breathe is because my body doesn't let me have a vote in the matter. | |||||
2017-12-13 | Add: password field for users in unix_users | Lars Wirzenius | 2 | -0/+5 | |
This is for an _encrypted_ password. Sometimes it's necessary to have one, and just ssh key access isn't enough. Say, IMAP users. | |||||
2017-12-06 | Add: new way of installined authorized_keys | Lars Wirzenius | 1 | -1/+39 | |
The old way still works, but is ignored unless the authkeys_dir is set explicitly. |