path: root/roles
Age | Commit message | Author | Files | Lines
2019-01-24 | Change: add cron job to run deploy_static_site_certs | Lars Wirzenius | 1 | -0/+10
2019-01-06 | Fix: restart haproxy after Let's Encrypt certificate is renewed | Lars Wirzenius | 1 | -0/+1
2019-01-06 | Change: default Debian mirror | Lars Wirzenius | 1 | -1/+1
2018-11-06 | Fix: recreate haproxy.pem in cron job | Lars Wirzenius | 1 | -0/+11
haproxy wants a haproxy.pem that is the catenation of letsencrypt's fullchain.pem and privkey.pem. It's created by the Ansible playbook, but if you don't run Ansible for three months, the cert will expire. Add a daily cron job that recreates haproxy.pem every day. This might be doable using a certbot haproxy plugin, but I can't be arsed to find out. Don't understand why letsencrypt doesn't just create such a file by default, or why haproxy wants such a file.
2018-08-07 | Add: check that letsencrypt_email is set | Lars Wirzenius | 1 | -2/+12
2018-08-07 | Add: haproxy role | Lars Wirzenius | 4 | -0/+146
2018-07-30 | Fix: well-known dir for certbot | Lars Wirzenius | 1 | -1/+1
2018-07-03 | Change: stop Apache while running certbot | Lars Wirzenius | 1 | -0/+2
The certbot apache support is not currently working in Debian, so this is a workaround. Not ideal, but good enough for me.
2018-07-03 | Change: let user group Let's Encrypt certs | Lars Wirzenius | 3 | -48/+65
2018-06-19 | Change: support static website aliases for letsencrypt | Lars Wirzenius | 2 | -15/+17
2018-05-30 | Fix: drop jinja2 templating from a "when:" | Lars Wirzenius | 1 | -1/+1
2018-05-30 | Fix: allow access via HTTP when no HTTPS is to be required | Lars Wirzenius | 1 | -0/+1
2018-05-22 | Fix: enable apache ssl module only after configs | Lars Wirzenius | 1 | -8/+8
2018-05-18 | Change: allow .well-known dir be outside webroot | Lars Wirzenius | 3 | -9/+18
2018-05-18 | Fix: don't run things that require letsencrypt vars, unless desired | Lars Wirzenius | 1 | -0/+3
2018-05-18 | Change: don't use Let's Encrypt certificates by default | Lars Wirzenius | 1 | -1/+1
2018-05-12 | Add: support optional Let's Encrypt TLS certs for static web sites | Lars Wirzenius | 4 | -4/+109
2018-02-25 | Add: if the initial apt setup, ignore the failure | Lars Wirzenius | 1 | -0/+8
This lets us get past a mistake in the sources.list, such as a badly set debian_codename. Add: ignore more apt errors in initial setup
2018-02-25 | Add: sanity check: is debian_codename set? | Lars Wirzenius | 2 | -1/+11
I couldn't get the Ansible "when" clause to work, so this checks it in shell instead. Ugly, but works.
2018-02-15 | Merge branch 'liw/htpasswd' | Ivan Dolgov | 2 | -2/+20
2018-02-14 | Change: optionally install a per-site htpasswd file | Lars Wirzenius | 2 | -2/+20
Also, configure the Apache vhost to use the file if installed.
2018-01-10 | Change: set debian_codename to a never-valid value | Lars Wirzenius | 1 | -1/+1
This will catch problems where it's inadvertently set. Not that I've ever mistyped the variable name. Not me. Nope.
2017-12-16 | Fix: only set password if one is given | Lars Wirzenius | 1 | -1/+7
Previously this would set the encrypted password to xxx which means authn never works. I'm so stupid that the only reason I breathe is because my body doesn't let me have a vote in the matter.
2017-12-13 | Add: password field for users in unix_users | Lars Wirzenius | 2 | -0/+5
This is for an _encrypted_ password. Sometimes it's necessary to have one, and just ssh key access isn't enough. Say, IMAP users.
2017-12-06 | Add: new way of installing authorized_keys | Lars Wirzenius | 1 | -1/+39
The old way still works, but is ignored unless the authkeys_dir is set explicitly.
2017-12-06 | Add: new fields for unix_users list items | Lars Wirzenius | 1 | -1/+10
2017-11-15 | Add: allow overriding AuthConfig in .htaccess | Lars Wirzenius | 1 | -0/+1
2017-10-19 | Add: in sources_lists signing-key and keyring-package are optional | Lars Wirzenius | 1 | -0/+2
2017-10-19 | Fix: don't install -updates/-backports for buster | Lars Wirzenius | 1 | -0/+5
2017-10-14 | Fix: set ownership, perms for /etc/hostname | Lars Wirzenius | 1 | -0/+3
2017-10-13 | Add: install signing key, keyring package via sources_lists | Lars Wirzenius | 2 | -1/+15
2017-08-02 | Add: git-annex on a gitano server | Lars Wirzenius | 1 | -0/+4
2017-07-09 | Add: robots.txt for cgit to exclude everyone | Lars Wirzenius | 3 | -0/+11
2017-05-08 | Handle ssh keys as content; restart apache after cgit | Lars Wirzenius | 3 | -3/+11
2017-04-24 | Disable cgit caching | Lars Wirzenius | 1 | -2/+2
2017-04-24 | Rename roles to be more specific | Lars Wirzenius | 16 | -0/+0
Suggested by Ivan Dolgov.
2017-04-21 | Add web_server and git_server roles | Lars Wirzenius | 16 | -0/+324
Need git_server for the new QvarnLabs git server, and the git server relies on the web server for cgit.
2017-04-18 | Install dbus so timectl works on systemd systems | Lars Wirzenius | 1 | -0/+4
2017-04-17 | Set time zone in sane_debian_system | Lars Wirzenius | 2 | -0/+8
2017-04-15 | Generate requested locales; fix conditions for hostname | Lars Wirzenius | 2 | -3/+15
2017-04-15 | Generate sources.list suitable for unstable | Lars Wirzenius | 1 | -0/+3
2017-04-12 | Add a role to create Unix system users | Lars Wirzenius | 3 | -0/+47
Including setting authorized_keys, and passwordless sudo access.
2017-04-04 | Fix apt-transport-https installation | Lars Wirzenius | 1 | -2/+12
We run virtual machines built from a disk image. The image has package lists downloaded, but from far ago. So we update them before installing the https transport. Then we install the transport. Then we fiddle with sources.lists, update package lists and then continue as needed.
2017-04-04 | Add -backports to sources.list.j2 | Lars Wirzenius | 1 | -0/+1
It's safe to do, since nothing will be installed from there without explicit request.
2017-04-04 | Fix source.list creation, separate apt update | Lars Wirzenius | 1 | -4/+7
2017-04-04 | Fix line for codename-updates to be correct | Lars Wirzenius | 1 | -1/+1
2017-04-04 | Fix debian-release to be debian-codename | Lars Wirzenius | 1 | -2/+2
Also, use a more reliable default mirror.
2017-04-04 | Use underscores, to be systematic | Lars Wirzenius | 6 | -0/+0
2017-04-04 | Make release codename a variable | Lars Wirzenius | 2 | -3/+5
2017-04-04 | Rename role to be generic Debian, not just jessie | Lars Wirzenius | 6 | -0/+0